{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-27488","assignerOrgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","state":"PUBLISHED","assignerShortName":"microsoft","dateReserved":"2025-02-26T14:42:05.978Z","datePublished":"2025-05-13T16:58:55.126Z","dateUpdated":"2026-02-13T19:21:16.843Z"},"containers":{"cna":{"title":"Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability","datePublic":"2025-05-13T07:00:00.000Z","cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_hlk_2025:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"10.1.26100.3478"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_hlk_24H2:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"10.1.26100.3478"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_hlk_1809:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"10.1.17763.7010"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_hlk_21H1:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"10.1.19041.5609"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_11_hlk_22H2:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"10.1.22621.5040"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_hlk_2022:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"10.1.20348.3330"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_hlk_20H2:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"10.1.19041.5609"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_hlk_22H2:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"10.1.19041.5609"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_hlk_21H2:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"10.1.19041.5609"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10_hlk_2004:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"10.1.19041.5609"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_hlk_2019:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"10.1.17763.7010"}]}]}],"affected":[{"vendor":"Microsoft","product":"Windows 10 HLK version 20H2","versions":[{"version":"1.0.0","lessThan":"10.1.19041.5609","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 HLK version 21H1","versions":[{"version":"1.0.0","lessThan":"10.1.19041.5609","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 HLK version 21H2","versions":[{"version":"1.0.0","lessThan":"10.1.19041.5609","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 10 HLK Version 22H2","versions":[{"version":"1.0.0","lessThan":"10.1.19041.5609","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 HLK 22H2","versions":[{"version":"1.0.0","lessThan":"10.1.22621.5040","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows 11 HLK 24H2","versions":[{"version":"1.0.0","lessThan":"10.1.26100.3478","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows HLK for Windows 10 version 2004","versions":[{"version":"1.0.0","lessThan":"10.1.19041.5609","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows HLK for Windows Server 2019","versions":[{"version":"1.0.0","lessThan":"10.1.17763.7010","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows HLK for Windows Server 2022","versions":[{"version":"1.0.0","lessThan":"10.1.20348.3330","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows HLK for Windows Server 2025","versions":[{"version":"1.0.0","lessThan":"10.1.26100.3478","versionType":"custom","status":"affected"}]},{"vendor":"Microsoft","product":"Windows HLK, version 1809","versions":[{"version":"1.0.0","lessThan":"10.1.17763.7010","versionType":"custom","status":"affected"}]}],"descriptions":[{"value":"Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally.","lang":"en-US"}],"problemTypes":[{"descriptions":[{"description":"CWE-798: Use of Hard-coded Credentials","lang":"en-US","type":"CWE","cweId":"CWE-798"}]}],"providerMetadata":{"orgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","shortName":"microsoft","dateUpdated":"2026-02-13T19:21:16.843Z"},"references":[{"name":"Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability","tags":["vendor-advisory","patch"],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27488"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en-US","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","baseSeverity":"MEDIUM","baseScore":6.7,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-05-13T18:13:48.880230Z","id":"CVE-2025-27488","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-13T18:13:57.657Z"}}]}}