Vulnerability in Windows PV Drivers Exposing User Facilities
CVE-2025-27463

9.4CRITICAL

Key Information:

Vendor
CVE Published:
9 July 2026

What is CVE-2025-27463?

This vulnerability arises from inadequate security descriptors in various facilities provided by the Windows PV drivers, rendering them accessible to users with unprivileged accounts. Specifically, components such as XenIface lack proper restrictions, leading to potential exploitation by unauthorized users. Such exposure allows intruders to manipulate system interactions which can jeopardize overall system integrity and security.

Affected Version(s)

Windows PV drivers Windows all

References

CVSS V4

Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was discovered by Tu Dinh of Vates
.