Elevated Privilege Vulnerability in Windows Hyper-V by Microsoft
CVE-2025-21334
Key Information:
- Vendor
Microsoft
- Status
- Vendor
- CVE Published:
- 14 January 2025
Badges
What is CVE-2025-21334?
A vulnerability exists in the Windows Hyper-V integration components that allows an attacker to elevate their privileges. By exploiting this issue, a malicious user could gain increased access to the system, potentially leading to unauthorized tasks or executing harmful applications. Microsoft has released a detailed advisory on this vulnerability, encouraging users to apply patches and updates to mitigate the risks associated with it.
CISA has reported CVE-2025-21334
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-21334 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Windows 10 Version 21H2 x64-based Systems 10.0.19043.0 < 10.0.19044.5371
Windows 10 Version 22H2 x64-based Systems 10.0.19045.0 < 10.0.19045.5371
Windows 11 version 22H2 ARM64-based Systems 10.0.22621.0 < 10.0.22621.4751
References
EPSS Score
6% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 👾
Exploit known to exist
- 🦅
CISA Reported
Vulnerability published
Vulnerability Reserved