CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-0372: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in HYPR Passwordless on Windows allows...

5.9 CVSS

Description

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue affects HYPR Passwordless: before 10.1.

Classification

CVE ID: CVE-2025-0372

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.9

CVSS Vector: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L

Problem Types

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected Products

Vendor: HYPR

Product: Passwordless

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 1.88% (scored less or equal to compared to others)

EPSS Date: 2025-06-19 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-0372
https://www.hypr.com/trust-center/security-advisories

Timeline

2025-05-21 18:40:10 UTC
CVE

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in HYPR Passwordless on Windows allows...