CVE Catalog

CVE-2025-48640

HighCVSS 8.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed.

Risk Assessment

The lack of proper permission checks may allow attackers to escalate privileges within the system, posing a serious security threat to the organization.

Recommendation

It is recommended to implement appropriate permission checks in areas where passkey pairing occurs to minimize the risk of privilege escalation.

Original NVD description (English source)

In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS