CVE-2025-21194

Summary

Microsoft Surface Security Feature Bypass Vulnerability

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft Surface Go-affected
MicrosoftMicrosoft Surface Hub-affected
MicrosoftMicrosoft Surface Laptop Go-affected
MicrosoftMicrosoft Surface Laptop Go 3-affected
MicrosoftMicrosoft Surface Pro-affected
MicrosoftMicrosoft Surface Pro 8-affected
MicrosoftMicrosoft Surface Pro 9 ARM-affected
MicrosoftSurface Laptop 3 with Intel Processor-affected
MicrosoftSurface Laptop 4 with AMD Processor-affected
MicrosoftSurface Laptop 4 with Intel Processor-affected
MicrosoftSurface Windows Dev Kit-affected

Weaknesses

  • CWE-20: CWE-20: Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References