Exposure of Windows PV Drivers Allowing Unauthorized Access
CVE-2025-27464
9.4CRITICAL
What is CVE-2025-27464?
The Windows PV drivers are designed to facilitate communication between the Xen hypervisor and Windows virtual machines. However, certain components, such as XenBus, lack appropriate security descriptors, making them accessible to unprivileged users. This vulnerability enables unauthorized access, potentially compromising the security of the virtual environment. It highlights the need for robust access controls and security measures to protect sensitive systems.
Affected Version(s)
Windows PV drivers Windows all
References
CVSS V4
Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
This issue was discovered by Tu Dinh of Vates