CVE-2025-27736

Summary

Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally.

Affected Software

VendorProductVersion RangeStatus
MicrosoftWindows 10 Version 160710.0.14393.0 < 10.0.14393.7969affected
MicrosoftWindows 10 Version 180910.0.17763.0 < 10.0.17763.7136affected
MicrosoftWindows 10 Version 21H210.0.19044.0 < 10.0.19044.5737affected
MicrosoftWindows 10 Version 22H210.0.19045.0 < 10.0.19045.5737affected
MicrosoftWindows 11 version 22H210.0.22621.0 < 10.0.22621.5189affected
MicrosoftWindows 11 version 22H310.0.22631.0 < 10.0.22631.5189affected
MicrosoftWindows 11 Version 23H210.0.22631.0 < 10.0.22631.5189affected
MicrosoftWindows 11 Version 24H210.0.26100.0 < 10.0.26100.3775affected
MicrosoftWindows Server 201610.0.14393.0 < 10.0.14393.7969affected
MicrosoftWindows Server 2016 (Server Core installation)10.0.14393.0 < 10.0.14393.7969affected
MicrosoftWindows Server 201910.0.17763.0 < 10.0.17763.7136affected
MicrosoftWindows Server 2019 (Server Core installation)10.0.17763.0 < 10.0.17763.7136affected
MicrosoftWindows Server 202210.0.20348.0 < 10.0.20348.3453affected
MicrosoftWindows Server 2022, 23H2 Edition (Server Core installation)10.0.25398.0 < 10.0.25398.1551affected
MicrosoftWindows Server 202510.0.26100.0 < 10.0.26100.3775affected
MicrosoftWindows Server 2025 (Server Core installation)10.0.26100.0 < 10.0.26100.3775affected

Weaknesses

  • CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References