Microsoft Windows Information Disclosure Vulnerability in Windows Hello

Vulnerability

An information disclosure vulnerability (exposure of sensitive information to an unauthorized actor) has been identified in Windows Hello, part of the Windows operating system. An authorized attacker with local access can disclose secrets or privileged information belonging to the user of the affected application. The vulnerability is present in several versions of Windows 11, Windows Server 2025, and Windows 10, and is caused by improper handling of information in the Windows Hello feature.

Impact

Exploitation of this vulnerability could lead to unauthorized disclosure of sensitive information, such as secrets or privileged data belonging to the user of the affected application.

Remediation

Users can apply the security updates released on June 10, 2025, to address this vulnerability. These security updates are available through the Microsoft Update Catalog.

Added: Jun 10, 2025, 7:01 PM
Updated: Jun 10, 2025, 7:01 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 2.5
exploitability: 2.8
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.