CVE-2025-26644: Automated recognition mechanism with inadequate detection or handling of adversarial input perturbations in Windows Hello
medium vulnerability
security
Summary
CVE-2025-26644 is a vulnerability in Windows Hello (a biometric authentication system) where its recognition mechanism fails to properly detect or handle adversarial input perturbations (slight changes designed to fool AI systems). This weakness allows a local attacker to spoof someone's identity without authorization.
Vulnerability Details
CVSS Score
5.1 (medium)
EPSS (30-day exploit probability)
EPSS: 0.4%
Classification
Attack Type
Model Evasion
Attack Sophistication
Moderate
Impact (CIA+S)
integrity
AI Component Targeted
Model
Affected Vendors
Microsoft
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-26644
First tracked: February 15, 2026 at 08:52 PM
Classified by LLM (prompt v3) · confidence: 75%