CVE-2025-26644 is a medium-severity vulnerability identified in Microsoft Windows 10 Version 1809 (build 10.0.17763.0) affecting the Windows Hello biometric authentication system. The vulnerability stems from an automated recognition mechanism that inadequately detects or handles adversarial input perturbations, classified under CWE-1039. Specifically, this flaw allows an unauthorized local attacker to spoof the Windows Hello authentication process by manipulating input data in a way that bypasses the system's recognition safeguards. The vulnerability does not require user interaction or prior authentication but does require local access to the targeted system. The CVSS v3.1 score is 5.1, reflecting a medium severity with a vector indicating local attack vector (AV:L), high attack complexity (AC:H), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no confidentiality impact (C:N), high integrity impact (I:H), and no availability impact (A:N). No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability was reserved in February 2025 and published in April 2025. This flaw could allow attackers to bypass biometric authentication, potentially granting unauthorized access to user accounts and sensitive data on affected Windows 10 systems. Given that Windows Hello is widely used for secure login, this vulnerability undermines the integrity of the authentication process, posing risks to system security and trustworthiness of biometric controls.

For European organizations, this vulnerability could have significant implications, especially for sectors relying heavily on Windows 10 Version 1809 with Windows Hello enabled for secure access, such as finance, healthcare, government, and critical infrastructure. The ability to spoof biometric authentication locally could lead to unauthorized access to sensitive systems and data, potentially enabling insider threats or attackers who gain physical or remote local access to devices. This could result in data integrity breaches, unauthorized transactions, or lateral movement within networks. Although the vulnerability does not impact confidentiality directly, the integrity compromise can lead to trust erosion in security controls and potential regulatory non-compliance under GDPR if unauthorized access leads to data misuse. The lack of user interaction and no need for prior privileges make it easier for attackers with local access to exploit, increasing risk in environments where endpoint security or physical device control is weak. However, the high attack complexity and local access requirement somewhat limit the scope of exploitation compared to remote vulnerabilities.

European organizations should prioritize upgrading affected systems to newer Windows 10 versions or later releases where this vulnerability is addressed. In the absence of an official patch, organizations should implement strict physical and logical access controls to limit local access to devices running Windows 10 Version 1809. Endpoint detection and response (EDR) solutions should be configured to monitor for suspicious local authentication attempts or anomalies in Windows Hello usage. Disabling Windows Hello biometric authentication temporarily on vulnerable systems can reduce risk, substituting with strong password or multi-factor authentication methods. Organizations should also enforce device encryption and strong lock screen policies to prevent unauthorized local access. Regular audits of device versions and authentication configurations are recommended to identify and remediate vulnerable endpoints. Additionally, user awareness training on the risks of local device compromise and enforcing strict device usage policies will help mitigate exploitation opportunities.