How to fix CVE-2025-21194?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

Is Surface Hub 2S Firmware affected by CVE-2025-21194?

CVE-2025-21194 presents moderate security risk, a input validation vulnerability rated CVSS 7.1. Exploitation could compromise the security of affected deployments. Organizations should apply vendor updates when available and consider compensating controls in the interim.

CVE-2025-21194

HIGH

2025-02-11 [email protected]

Microsoft Authentication Bypass Surface Hub 2S Firmware Surface Pro 8 For Business 1983 Firmware Surface Laptop Go Firmware Surface Laptop Go 2 Firmware Surface Hub 3 50 Firmware Surface Pro 7 Firmware Surface Laptop Go 3 Firmware Surface Go 3 Firmware Surface Pro 9 With 5G 1997 Firmware Surface Pro 9 With 5G 1996 Firmware Surface Laptop 3 1867 Firmware Surface Laptop 3 1872 Firmware Surface Laptop 4 1958 Firmware Surface Laptop 4 1950 Firmware Surface Laptop 4 1952 Firmware Surface Laptop 4 1978 Firmware Windows Dev Kit Firmware Surface Hub 2S 85 Firmware Surface Hub 3 85 Firmware Surface Pro 8 1983 Firmware Surface Pro 8 For Business With Lte Advanced 1982 Firmware Surface Go 3 1926 Firmware Surface Go 3 1901 Firmware Surface Go 3 2022 Firmware Surface Go 2 1926 Firmware Surface Go 2 1901 Firmware Surface Go 2 1927 Firmware

7.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:26 vuln.today

CVE Published

Feb 11, 2025 - 18:15 nvd

HIGH 7.1

DescriptionNVD

Microsoft Surface Security Feature Bypass Vulnerability

AnalysisAI

Microsoft Surface Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. Affected products include: Microsoft Surface Hub 2S Firmware, Microsoft Surface Pro 8 For Business 1983 Firmware, Microsoft Surface Laptop Go Firmware, Microsoft Surface Laptop Go 2 Firmware, Microsoft Surface Hub 3 50 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-21194 vulnerability details – vuln.today

Back

CVE-2025-21194

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code