CVE-2025-21194
HIGHDescription
Microsoft Surface Security Feature Bypass Vulnerability
Is your site exposed to CVE-2025-21194?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| microsoft | surface_hub_2s_firmware |
| microsoft | surface_hub_2s |
| microsoft | surface_pro_8_for_business_1983_firmware |
| microsoft | surface_pro_8_for_business_1983 |
| microsoft | surface_laptop_go_firmware |
| microsoft | surface_laptop_go |
| microsoft | surface_laptop_go_2_firmware |
| microsoft | surface_laptop_go_2 |
| microsoft | surface_hub_3_50_firmware |
| microsoft | surface_hub_3_50 |
| microsoft | surface_hub_2s_firmware |
| microsoft | surface_hub_2s |
| microsoft | surface_pro_7\+_firmware |
| microsoft | surface_pro_7\+ |
| microsoft | surface_laptop_go_3_firmware |
| microsoft | surface_laptop_go_3 |
| microsoft | surface_go_3_firmware |
| microsoft | surface_go_3 |
| microsoft | surface_laptop_go_2_firmware |
| microsoft | surface_laptop_go_2 |
| microsoft | surface_pro_9_with_5g_1997_firmware |
| microsoft | surface_pro_9_with_5g_1997 |
| microsoft | surface_pro_9_with_5g_1996_firmware |
| microsoft | surface_pro_9_with_5g_1996 |
| microsoft | surface_laptop_3_1867_firmware |
| microsoft | surface_laptop_3_1867 |
| microsoft | surface_laptop_3_1872_firmware |
| microsoft | surface_laptop_3_1872 |
| microsoft | surface_laptop_4_1958_firmware |
| microsoft | surface_laptop_4_1958 |
| microsoft | surface_laptop_4_1950_firmware |
| microsoft | surface_laptop_4_1950 |
| microsoft | surface_laptop_4_1952_firmware |
| microsoft | surface_laptop_4_1952 |
| microsoft | surface_laptop_4_1978_firmware |
| microsoft | surface_laptop_4_1978 |
| microsoft | windows_dev_kit_firmware |
| microsoft | windows_dev_kit |
| microsoft | surface_hub_2s_85_firmware |
| microsoft | surface_hub_2s_85 |
| microsoft | surface_hub_3_50_firmware |
| microsoft | surface_hub_3_50 |
| microsoft | surface_hub_3_85_firmware |
| microsoft | surface_hub_3_85 |
| microsoft | surface_pro_8_1983_firmware |
| microsoft | surface_pro_8_1983 |
| microsoft | surface_pro_8_for_business_with_lte_advanced_1982_firmware |
| microsoft | surface_pro_8_for_business_with_lte_advanced_1982 |
| microsoft | surface_hub_3_85_firmware |
| microsoft | surface_hub_3_85 |
| microsoft | surface_hub_2s_85_firmware |
| microsoft | surface_hub_2s_85 |
| microsoft | surface_go_3_1926_firmware |
| microsoft | surface_go_3_1926 |
| microsoft | surface_go_3_1901_firmware |
| microsoft | surface_go_3_1901 |
| microsoft | surface_go_3_2022_firmware |
| microsoft | surface_go_3_2022 |
| microsoft | surface_go_2_1926_firmware |
| microsoft | surface_go_2_1926 |
| microsoft | surface_go_2_1901_firmware |
| microsoft | surface_go_2_1901 |
| microsoft | surface_go_2_1927_firmware |
| microsoft | surface_go_2_1927 |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-21194? +
How severe is CVE-2025-21194? +
What products are affected by CVE-2025-21194? +
How do I check if I'm vulnerable to CVE-2025-21194? +
Related Vulnerabilities
Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is …
Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in …
A security flaw was found in certain NETGEAR RAX models that could allow a logged-in user to send specially crafted …
A security flaw was discovered in certain NETGEAR Nighthawk RAX series routers that could allow someone already logged in to …
n8n before version 2.10.0 contains an input validation vulnerability in the Guardrail node that allows attackers to bypass default guardrail …
A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured …