Exploitable User-Space Interfaces in Windows PV Drivers by Xen
CVE-2025-27462
9.4CRITICAL
What is CVE-2025-27462?
The Windows PV drivers expose critical functionalities to user-space, allowing unprivileged users to access resources without proper security descriptors. This flaw may lead to unauthorized access and manipulation of system resources, potentially compromising system integrity. The affected components include XenCons, XenIface, and XenBus, revealing a substantial weakness in access control within those interfaces. Users are advised to implement necessary patches and update to secure their systems against potential exploitation.
Affected Version(s)
Windows PV drivers Windows all
References
CVSS V4
Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
This issue was discovered by Tu Dinh of Vates