CVE-2025-55334
published 2025-10-14CVE-2025-55334: Cleartext storage of sensitive information in Windows Kernel allows an unauthorized attacker to bypass a security feature locally.
PriorityP428medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
EPSS
0.32%
23.5th percentile
Cleartext storage of sensitive information in Windows Kernel allows an unauthorized attacker to bypass a security feature locally.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_11_22h2 | < 10.0.22621.6060 | 10.0.22621.6060 |
| microsoft | windows_11_23h2 | < 10.0.22631.6060 | 10.0.22631.6060 |
| microsoft | windows_11_24h2 | < 10.0.26100.6899 | 10.0.26100.6899 |
| microsoft | windows_11_25h2 | < 10.0.26200.6899 | 10.0.26200.6899 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.6060 | 10.0.22621.6060 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.6060 | 10.0.22631.6060 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.6060 | 10.0.22631.6060 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.6899 | 10.0.26100.6899 |
| microsoft | windows_11_version_25h2 | >= 10.0.26200.0 < 10.0.26200.6899 | 10.0.26200.6899 |
| msrc | windows_11_version_22h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_22h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_23h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_23h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_24h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_24h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_25h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_25h2_for_x64-based_systems | — | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vendor_msrc6.2MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-45v6-9x5v-7h9m: Cleartext storage of sensitive information in Windows Kernel allows an unauthorized attacker to bypass a security feature locally
ghsa_unreviewed·2025-10-14
CVE-2025-55334 [MEDIUM] CWE-312 GHSA-45v6-9x5v-7h9m: Cleartext storage of sensitive information in Windows Kernel allows an unauthorized attacker to bypass a security feature locally
Cleartext storage of sensitive information in Windows Kernel allows an unauthorized attacker to bypass a security feature locally.
Microsoft
Windows Kernel Security Feature Bypass Vulnerability
vendor_msrc·2025-10-14·CVSS 6.2
CVE-2025-55334 [MEDIUM] CWE-312 Windows Kernel Security Feature Bypass Vulnerability
Windows Kernel Security Feature Bypass Vulnerability
Description: Cleartext storage of sensitive information in Windows Kernel allows an unauthorized attacker to bypass a security feature locally.
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could decrypt the driver's settings.
Windows Kernel: Windows Kernel
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Security Feature Bypass
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835
Reference: https://support.microsoft.com/help/5066835
Reference: https://catalog.update.microsoft.com/v7
No detection rules found.
No public exploits indexed.
2025-10-14
Published