ByteOS Network

NVD Vulnerability Details :

CVE-2025-27731

Analyzed

More Info Official Page

Source-secure@microsoft.com

Published At-08 Apr, 2025 | 18:16

Updated At-08 Jul, 2025 | 17:09

Improper input validation in OpenSSH for Windows allows an authorized attacker to elevate privileges locally.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CPE Matches

Microsoft Corporation

>>windows_10_1809>>Versions before 10.0.17763.7136(exclusive)

cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*

Microsoft Corporation

>>windows_10_1809>>Versions before 10.0.17763.7136(exclusive)

cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*

Microsoft Corporation

>>windows_10_21h2>>Versions before 10.0.19044.5737(exclusive)

cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10_22h2>>Versions before 10.0.19045.5737(exclusive)

cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_11_22h2>>Versions before 10.0.22621.5189(exclusive)

cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_11_23h2>>Versions before 10.0.22631.5189(exclusive)

cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_11_24h2>>Versions before 10.0.26100.3775(exclusive)

cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2019>>Versions before 10.0.17763.7136(exclusive)

cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2022>>Versions before 10.0.20348.3453(exclusive)

cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2022_23h2>>Versions before 10.0.25398.1551(exclusive)

cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2025>>Versions before 10.0.26100.3775(exclusive)

cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-20	Secondary	secure@microsoft.com

References

Hyperlink	Source	Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27731	secure@microsoft.com	Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History