Information Disclosure Vulnerability in Windows Hello by Microsoft
CVE-2025-47969

4.4MEDIUM

Key Information:

Vendor: Microsoft
Status: Windows 11 Version 22h2; Windows Server 2025 (server Core Installation); Windows 11 Version 22h3; Windows 11 Version 23h2
Vendor: CVE Published:; 10 June 2025

What is CVE-2025-47969?

The vulnerability in Windows Hello allows unauthorized actors to gain access to sensitive information due to improper handling of data. This exposure can lead to significant risks, as attackers could disclose critical information locally, impacting user security and privacy. It is essential for users and administrators to ensure their systems are updated and configured correctly to mitigate potential exploitation of this vulnerability.

Affected Version(s)

Windows 11 version 22H2 ARM64-based Systems 10.0.22621.0 < 10.0.22621.5335

Windows 11 version 22H3 ARM64-based Systems 10.0.22631.0 < 10.0.22621.5335

Windows 11 Version 23H2 x64-based Systems 10.0.22631.0 < 10.0.22621.5335

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2025
Vulnerability Reserved
May 14, 2025