| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| CVE-2025-2884 | Cert CC: CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation | Windows 11, Windows Server | Important | 14-11-2025 |
Technical Information
A low-level attacker with local access to the machine could exploit an out-of-bounds read in the `CryptHmacSign` helper of the TCG TPM2.0 reference implementation. The read is caused by missing validation between the signature scheme and the signature key algorithm, and it allows the attacker to read sensitive memory and disclose information.
Patch release date: Oct 14, 2025
Further information on this vulnerability is available at: CVE-2025-2884
Affected Software
Windows 11 Version 25H2 for x64-based Systems,
Windows 11 Version 22H2 for x64-based Systems,
Windows Server 2025 (Server Core installation),
Windows 11 Version 23H2 for x64-based Systems,
Windows Server 2022, 23H2 Edition (Server Core installation),
Windows 11 Version 24H2 for x64-based Systems,
Windows Server 2025