CVE-2025-27488— Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability

CVSS 6.7 · Medium EPSS 0.71% · P72 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-27488

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability

Source: NVD (National Vulnerability Database)

Vulnerability Description

Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

使用硬编码的凭证

Source: NVD (National Vulnerability Database)

Vulnerability Title

Microsoft Windows Hardware Lab Kit 信任管理问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Microsoft Windows Hardware Lab Kit是美国微软（Microsoft）公司的一种测试框架，用于验证硬件设备和驱动程序与 Windows 操作系统的兼容性。 Microsoft Windows Hardware Lab Kit存在信任管理问题漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响：Windows HLK for Windows Server 2025,Windows 11 HLK 24H2,Windows HLK Version 1809,Windows 1

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
Microsoft	Windows 10 HLK version 20H2	1.0.0 ~ 10.1.19041.5609	-
Microsoft	Windows 10 HLK version 21H1	1.0.0 ~ 10.1.19041.5609	-
Microsoft	Windows 10 HLK version 21H2	1.0.0 ~ 10.1.19041.5609	-
Microsoft	Windows 10 HLK Version 22H2	1.0.0 ~ 10.1.19041.5609	-
Microsoft	Windows 11 HLK 22H2	1.0.0 ~ 10.1.22621.5040	-
Microsoft	Windows 11 HLK 24H2	1.0.0 ~ 10.1.26100.3478	-
Microsoft	Windows HLK for Windows 10 version 2004	1.0.0 ~ 10.1.19041.5609	-
Microsoft	Windows HLK for Windows Server 2019	1.0.0 ~ 10.1.17763.7010	-
Microsoft	Windows HLK for Windows Server 2022	1.0.0 ~ 10.1.20348.3330	-
Microsoft	Windows HLK for Windows Server 2025	1.0.0 ~ 10.1.26100.3478	-
Microsoft	Windows HLK, version 1809	1.0.0 ~ 10.1.17763.7010	-

II. Public POCs for CVE-2025-27488

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-27488

请登录查看更多情报信息。

https://nvd.nist.gov/vuln/detail/CVE-2025-27488

Same Patch Batch · Microsoft · 2025-05-13 · 71 CVEs total

CVE-2025-30387	9.8 CRITICAL	Document Intelligence Studio On-Prem Elevation of Privilege Vulnerability
CVE-2025-29840	8.8 HIGH	Windows Media Remote Code Execution Vulnerability
CVE-2025-29964	8.8 HIGH	Windows Media Remote Code Execution Vulnerability
CVE-2025-29966	8.8 HIGH	Remote Desktop Client Remote Code Execution Vulnerability
CVE-2025-29967	8.8 HIGH	Remote Desktop Client Remote Code Execution Vulnerability
CVE-2025-29962	8.8 HIGH	Windows Media Remote Code Execution Vulnerability
CVE-2025-29963	8.8 HIGH	Windows Media Remote Code Execution Vulnerability
CVE-2025-32704	8.4 HIGH	Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30377	8.4 HIGH	Microsoft Office Remote Code Execution Vulnerability
CVE-2025-30386	8.4 HIGH	Microsoft Office Remote Code Execution Vulnerability
CVE-2025-26646	8.0 HIGH	.NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
CVE-2025-32701	7.8 HIGH	Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2025-30393	7.8 HIGH	Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30400	7.8 HIGH	Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-32706	7.8 HIGH	Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2025-30383	7.8 HIGH	Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-24063	7.8 HIGH	Kernel Streaming Service Driver Elevation of Privilege Vulnerability
CVE-2025-32709	7.8 HIGH	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-30381	7.8 HIGH	Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-29975	7.8 HIGH	Microsoft PC Manager Elevation of Privilege Vulnerability

Showing top 20 of 71 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: Microsoft

Same weakness: CWE-798

V. Comments for CVE-2025-27488

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-27488— Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability

I. Basic Information for CVE-2025-27488

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-27488

III. Intelligence Information for CVE-2025-27488

Same Patch Batch · Microsoft · 2025-05-13 · 71 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-27488

Leave a comment