Race Condition Vulnerability in HYPR Passwordless on Windows
CVE-2025-0372

5.9MEDIUM

Key Information:

Vendor

Hypr

Vendor
CVE Published:
21 May 2025

What is CVE-2025-0372?

A race condition vulnerability exists in HYPR Passwordless software on Windows, which allows an attacker to exploit improper synchronization of shared resources. This flaw could lead to privilege escalation, enabling unauthorized actions by malicious actors. Users of versions prior to 10.1 are advised to take immediate action to secure their systems against this vulnerability.

Affected Version(s)

Passwordless Windows 0 < 10.1

References

CVSS V4

Score:
5.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.