{"data":{"id":"f69d1f36-2533-4106-a617-9517e296c59e","title":"CVE-2025-26644: Automated recognition mechanism with inadequate detection or handling of adversarial input perturbations in Windows Hell","summary":"CVE-2025-26644 is a vulnerability in Windows Hello (a biometric authentication system) where its recognition mechanism fails to properly detect or handle adversarial input perturbations (slight changes designed to fool AI systems). This weakness allows a local attacker to spoof someone's identity without authorization.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-26644","publishedAt":"2025-04-08T18:15:48.347Z","cveId":"CVE-2025-26644","cweIds":["CWE-1039"],"cvssScore":"5.1","cvssSeverity":"medium","severity":"medium","attackType":["model_evasion"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["Microsoft","Windows Hello"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00427,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-242"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":"model","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}