CVE-2025-48640
HighCVSS 8.0Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed.
Risk Assessment
The lack of proper permission checks may allow attackers to escalate privileges within the system, posing a serious security threat to the organization.
Recommendation
It is recommended to implement appropriate permission checks in areas where passkey pairing occurs to minimize the risk of privilege escalation.
Original NVD description (English source)
In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

