Windows Virtualization-Based Security Enclave Elevation of Privilege Vulnerability in Microsoft Products
CVE-2025-21370

7.8 HIGH

Summary

A vulnerability in Windows Virtualization-Based Security (VBS) allows an attacker to elevate privileges within an enclave. Successful exploitation could allow a malicious actor to gain access to restricted resources. This vulnerability highlights the importance of securing virtualized environments and keeping security practices up to date to mitigate potential risks.

Affected Version(s)

Windows 11 version 22H2 ARM64-based Systems 10.0.22621.0 < 10.0.22621.4751

Windows 11 version 22H3 ARM64-based Systems 10.0.22631.0 < 10.0.22621.4751

Windows 11 Version 23H2 x64-based Systems 10.0.22631.0 < 10.0.22631.4751

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
