CVE-2025-27472: Windows Mark of the Web Security Feature Bypass Vulnerability

5.4 CVSS

Description

Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.

Classification

CVE ID: CVE-2025-27472

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.4

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C

Problem Types

CWE-693: Protection Mechanism Failure

Affected Products

Vendor: Microsoft, Microsoft, Microsoft, Microsoft, Microsoft

Product: Windows 10 Version 1507, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.1% (probability of being exploited)

EPSS Percentile: 28.46% (scored less or equal to compared to others)

EPSS Date: 2025-04-18 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-27472
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27472

Timeline

2025-04-08 18:40:22 UTC
CVE

Windows Mark of the Web Security Feature Bypass Vulnerability