Elevated Privilege Vulnerability in Windows Hyper-V by Microsoft
CVE-2025-21334

7.8HIGH

Key Information:

Badges

👾 Exploit Exists🦅 CISA Reported

What is CVE-2025-21334?

A vulnerability exists in the Windows Hyper-V integration components that allows an attacker to elevate their privileges. By exploiting this issue, a malicious user could gain increased access to the system, potentially leading to unauthorized tasks or executing harmful applications. Microsoft has released a detailed advisory on this vulnerability, encouraging users to apply patches and updates to mitigate the risks associated with it.

CISA has reported CVE-2025-21334

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-21334 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Windows 10 Version 21H2 x64-based Systems 10.0.19043.0 < 10.0.19044.5371

Windows 10 Version 22H2 x64-based Systems 10.0.19045.0 < 10.0.19045.5371

Windows 11 version 22H2 ARM64-based Systems 10.0.22621.0 < 10.0.22621.4751

References

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • 🦅

    CISA Reported

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-21334 : Elevated Privilege Vulnerability in Windows Hyper-V by Microsoft