Microsoft Surface Security Feature Bypass Vulnerability
Conclusion & alert: CVE-2025-21194 is rated Moderate Risk (47.4/100): CVSS High severity, with medium exploitation likelihood (EPSS 0.82%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.20% | 0.82% | +0.62% |
| 2 | 2026-04-07 | 0.26% | 0.20% | -0.06% |
| 3 | 2026-04-06 | — | 0.26% | — |
Full EPSS history (12 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 7.1 | 3.1 | HIGH |
|
1.2 | 5.9 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| microsoft | surface_hub_2s_firmware | — | cpe:2.3:o:microsoft:surface_hub_2s_firmware:-:*:*:*:*:*:*:* |
| microsoft | surface_pro_8_for_business_1983_firmware | — | cpe:2.3:o:microsoft:surface_pro_8_for_business_1983_firmware:-:*:*:*:*:*:*:* |
| microsoft | surface_laptop_go_firmware | — | cpe:2.3:o:microsoft:surface_laptop_go_firmware:-:*:*:*:*:*:*:* |
| microsoft | surface_laptop_go_2_firmware | — | cpe:2.3:o:microsoft:surface_laptop_go_2_firmware:-:*:*:*:*:*:*:* |
| microsoft | surface_hub_3_50_firmware | — | cpe:2.3:o:microsoft:surface_hub_3_50_firmware:-:*:*:*:*:*:*:* |
| microsoft | surface_pro_7\+_firmware | — | cpe:2.3:o:microsoft:surface_pro_7\+_firmware:-:*:*:*:*:*:*:* |
| microsoft | surface_laptop_go_3_firmware | — | cpe:2.3:o:microsoft:surface_laptop_go_3_firmware:-:*:*:*:*:*:*:* |
| microsoft | surface_go_3_firmware | — | cpe:2.3:o:microsoft:surface_go_3_firmware:-:*:*:*:*:*:*:* |
| microsoft | surface_pro_9_with_5g_1997_firmware | — | cpe:2.3:o:microsoft:surface_pro_9_with_5g_1997_firmware:-:*:*:*:*:*:*:* |
| microsoft | surface_pro_9_with_5g_1996_firmware | — | cpe:2.3:o:microsoft:surface_pro_9_with_5g_1996_firmware:-:*:*:*:*:*:*:* |
| microsoft | surface_laptop_3_1867_firmware | — | cpe:2.3:o:microsoft:surface_laptop_3_1867_firmware:-:*:*:*:*:*:*:* |
| microsoft | surface_laptop_3_1872_firmware | — | cpe:2.3:o:microsoft:surface_laptop_3_1872_firmware:-:*:*:*:*:*:*:* |
| microsoft | surface_laptop_4_1958_firmware | — | cpe:2.3:o:microsoft:surface_laptop_4_1958_firmware:-:*:*:*:*:*:*:* |
| microsoft | surface_laptop_4_1950_firmware | — | cpe:2.3:o:microsoft:surface_laptop_4_1950_firmware:-:*:*:*:*:*:*:* |
| microsoft | surface_laptop_4_1952_firmware | — | cpe:2.3:o:microsoft:surface_laptop_4_1952_firmware:-:*:*:*:*:*:*:* |
| microsoft | surface_laptop_4_1978_firmware | — | cpe:2.3:o:microsoft:surface_laptop_4_1978_firmware:-:*:*:*:*:*:*:* |
| microsoft | windows_dev_kit_firmware | — | cpe:2.3:o:microsoft:windows_dev_kit_firmware:-:*:*:*:*:*:*:* |
| microsoft | surface_hub_2s_85_firmware | — | cpe:2.3:o:microsoft:surface_hub_2s_85_firmware:-:*:*:*:*:*:*:* |
| microsoft | surface_hub_3_85_firmware | — | cpe:2.3:o:microsoft:surface_hub_3_85_firmware:-:*:*:*:*:*:*:* |
| microsoft | surface_pro_8_1983_firmware | — | cpe:2.3:o:microsoft:surface_pro_8_1983_firmware:-:*:*:*:*:*:*:* |
| microsoft | surface_pro_8_for_business_with_lte_advanced_1982_firmware | — | cpe:2.3:o:microsoft:surface_pro_8_for_business_with_lte_advanced_1982_firmware:-:*:*:*:*:*:*:* |
| microsoft | surface_go_3_1926_firmware | — | cpe:2.3:o:microsoft:surface_go_3_1926_firmware:-:*:*:*:*:*:*:* |
| microsoft | surface_go_3_1901_firmware | — | cpe:2.3:o:microsoft:surface_go_3_1901_firmware:-:*:*:*:*:*:*:* |
| microsoft | surface_go_3_2022_firmware | — | cpe:2.3:o:microsoft:surface_go_3_2022_firmware:-:*:*:*:*:*:*:* |
| microsoft | surface_go_2_1926_firmware | — | cpe:2.3:o:microsoft:surface_go_2_1926_firmware:-:*:*:*:*:*:*:* |
| microsoft | surface_go_2_1901_firmware | — | cpe:2.3:o:microsoft:surface_go_2_1901_firmware:-:*:*:*:*:*:*:* |
| microsoft | surface_go_2_1927_firmware | — | cpe:2.3:o:microsoft:surface_go_2_1927_firmware:-:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21194 | Vendor Advisory |