Privilege Escalation Vulnerability in HYPR Passwordless for Windows
CVE-2025-2102

5.7MEDIUM

Key Information:

Vendor: Hypr
Status: Passwordless
Vendor: CVE Published:; 21 May 2025

What is CVE-2025-2102?

The vulnerability in HYPR Passwordless for Windows occurs due to improper link resolution before file access, known as 'Link Following'. This flaw allows attackers to escalate privileges, potentially resulting in unauthorized access and control. Users of versions prior to 10.1 should take immediate action to remediate this issue as outlined in official security advisories.

Affected Version(s)

Passwordless Windows 0 < 10.1

References

https://www.hypr.com/trust-center/security-advisories

CVSS V4

Score:

5.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 21, 2025
Vulnerability Reserved
Mar 7, 2025

Hypr

What is CVE-2025-2102?

Affected Version(s)

References

CVSS V4

Timeline