Surface Hub 2S Firmware
CVE-2025-21194
HIGH
Severity by source
AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Microsoft Surface Security Feature Bypass Vulnerability
AnalysisAI
Microsoft Surface Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. Affected products include: Microsoft Surface Hub 2S Firmware, Microsoft Surface Pro 8 For Business 1983 Firmware, Microsoft Surface Laptop Go Firmware, Microsoft Surface Laptop Go 2 Firmware, Microsoft Surface Hub 3 50 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Same weakness CWE-20 – Improper Input Validation
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today