Heap-based Buffer Overflow Vulnerability in Windows Hyper-V by Microsoft
CVE-2025-24048

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Windows 10 Version 1809; Windows Server 2019; Windows Server 2019 (server Core Installation); Windows Server 2022
Vendor: CVE Published:; 11 March 2025

Summary

A heap-based buffer overflow vulnerability exists in Windows Hyper-V, which could allow an authorized attacker to gain elevated privileges on the affected system. By exploiting this vulnerability, an attacker could execute arbitrary code with higher privileges than intended. This flaw emphasizes the importance of regular updates and patch management to mitigate potential exploitation.

Affected Version(s)

Windows 10 Version 1607 x64-based Systems 10.0.14393.0 < 10.0.14393.7876

Windows 10 Version 1809 x64-based Systems 10.0.17763.0 < 10.0.17763.7009

Windows 10 Version 21H2 x64-based Systems 10.0.19043.0 < 10.0.19044.5608

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 11, 2025
Vulnerability Reserved
Jan 16, 2025