CVE-2025-27491

FAQ

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.

Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?

Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.

According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?

An authorized attacker with guest privileges must send a victim a malicious site and convince them to open it.

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.