Microsoft Windows: CVE-2025-26644: Windows Hello Spoofing Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:M/Au:N/C:N/I:C/A:N) | Apr 8, 2025 | Apr 8, 2025 | May 8, 2026 |
Description
Automated recognition mechanism with inadequate detection or handling of adversarial input perturbations in Windows Hello allows an unauthorized attacker to perform spoofing locally.
Solutions
- microsoft-windows-windows_10-1809-kb5055519
- microsoft-windows-windows_10-21h2-kb5055518
- microsoft-windows-windows_10-22h2-kb5055518
- microsoft-windows-windows_11-22h2-kb5055528
- microsoft-windows-windows_11-23h2-kb5055528
- microsoft-windows-windows_11-24h2-kb5055523
- microsoft-windows-windows_server_2019-1809-kb5055519
- microsoft-windows-windows_server_2025-24h2-kb5055523
References
- CVE-2025-26644
- https://attackerkb.com/topics/CVE-2025-26644
- CWE-1039
- EUVD-EUVD-2025-10237
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-10237
- https://support.microsoft.com/help/5055518
- https://support.microsoft.com/help/5055519
- https://support.microsoft.com/help/5055523
- https://support.microsoft.com/help/5055528