Vulnerability in Windows PV Drivers Exposing User Facilities
CVE-2025-27463
9.4CRITICAL
What is CVE-2025-27463?
This vulnerability arises from inadequate security descriptors in various facilities provided by the Windows PV drivers, rendering them accessible to users with unprivileged accounts. Specifically, components such as XenIface lack proper restrictions, leading to potential exploitation by unauthorized users. Such exposure allows intruders to manipulate system interactions which can jeopardize overall system integrity and security.
Affected Version(s)
Windows PV drivers Windows all
References
CVSS V4
Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
This issue was discovered by Tu Dinh of Vates