CVE-2025-48813Medium
MSR
MSR
Microsoft Security Response Center
The Security Update Guide is the source of truth for vulnerabilities in Microsoft products — KB article numbers, impacted builds and replacement patches. MSRC also assigns the MSRC-specific exploitability index used alongside CVSS.
Region
US
Updates
Patch Tuesday + ad-hoc
License
Proprietary
Microsoft's Security Update Guide, covering Windows, Office, Azure, SQL Server, Exchange and other first-party products.
https://msrc.microsoft.com/update-guide →Share link
Anyone with the link can open this vulnerability.
Use of a key past its expiration date in Virtual Secure Mode allows an authorized attacker to perform spoofing locally.
CVSS
4.7
Medium
EPSS
0.00
p13
Published
2025-01-01
Updated
2025-01-01
Description
Use of a key past its expiration date in Virtual Secure Mode allows an authorized attacker to perform spoofing locally.
Tags · CWE
CWE-324
CWE-324BaseDraft
Use of a Key Past its Expiration Date
The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.
https://cwe.mitre.org/data/definitions/324.html →Open in CWE collection →Affected products
Windows_10_1809 < 10.0.17763.7919Windows_10_21h2 < 10.0.19044.6456Windows_10_22h2 < 10.0.19045.6456Windows_11_22h2 < 10.0.22621.6060Windows_11_23h2 ≤ 10.0.22631.6060Windows_11_24h2 < 10.0.26100.6899Windows_11_25h2 < 10.0.26200.6899Windows_server_2019 < 10.0.17763.7919Windows_server_2022 < 10.0.20348.4294Windows_server_2022_23h2 < 10.0.25398.1913Windows_server_2025 ≤ 10.0.26100.6899
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Timeline
2025-01-01
Published
2025-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: L
Local (L)
Attack Complexity
AC: H
High (H)
Privileges Required
PR: L
Low (L)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: N
None (N)
Integrity Impact
I: H
High (H)
Availability Impact
A: N
None (N)
Exploit indicators
EPSS
0.002 · p13
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
| Product | Vendor | Status |
|---|---|---|
| windows_10_1809 | * | Tracked |
| windows_10_21h2 | * | Tracked |
| windows_10_22h2 | * | Tracked |
| windows_11_22h2 | * | Tracked |
| windows_11_23h2 | * | Tracked |
| windows_11_24h2 | * | Tracked |
| windows_11_25h2 | * | Tracked |
| windows_server_2019 | * | Tracked |
| windows_server_2022 | * | Tracked |
| windows_server_2022_23h2 | * | Tracked |
| windows_server_2025 | * | Tracked |
| Windows | Microsoft | Tracked |
| Windows | Microsoft | Tracked |
| Windows | Microsoft | Tracked |
| Windows | Microsoft | Tracked |
| Windows | Microsoft | Tracked |
| Windows | Microsoft | Tracked |
| Windows | Microsoft | Tracked |
| Windows | Microsoft | Tracked |
| Windows | Microsoft | Tracked |
Showing first 20 of 108
Source databases
MSR
MSR
Microsoft Security Response Center
The Security Update Guide is the source of truth for vulnerabilities in Microsoft products — KB article numbers, impacted builds and replacement patches. MSRC also assigns the MSRC-specific exploitability index used alongside CVSS.
Region
US
Updates
Patch Tuesday + ad-hoc
License
Proprietary
Microsoft's Security Update Guide, covering Windows, Office, Azure, SQL Server, Exchange and other first-party products.
https://msrc.microsoft.com/update-guide →CVE
CVE
National Vulnerability Database
NVD is the U.S. government repository of standards-based vulnerability management data, built on top of the MITRE CVE list. Every record includes CPE applicability statements, CVSS v2 and v3.x base scores, CWE mappings and cross-references to advisories.
Region
US
Updates
15 min
License
Public Domain
Comprehensive catalog of publicly disclosed vulnerabilities with CPE matches, CVSS scoring and reference URLs. De-facto standard for cross-vendor correlation.
https://nvd.nist.gov →Related vulnerabilities
External references