Out-of-Bounds Read Vulnerability in Windows Hyper-V by Microsoft
CVE-2025-48822

8.6HIGH

Key Information:

Vendor: Microsoft
Status: Windows 10 Version 1809; Windows Server 2019; Windows Server 2019 (server Core Installation); Windows Server 2022
Vendor: CVE Published:; 8 July 2025

What is CVE-2025-48822?

An out-of-bounds read vulnerability exists in Windows Hyper-V that can be exploited by an unauthorized attacker, potentially allowing the execution of malicious code on the affected system. This vulnerability targets the software's ability to manage resources, particularly regarding the Discrete Device Assignment feature, which may lead to security breaches if exploited. Users are advised to apply available patches and updates to minimize the risk of exploitation.

Affected Version(s)

Windows 10 Version 1607 x64-based Systems 10.0.14393.0 < 10.0.14393.8246

Windows 10 Version 1809 x64-based Systems 10.0.17763.0 < 10.0.17763.7558

Windows 10 Version 21H2 x64-based Systems 10.0.19044.0 < 10.0.19044.6093

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
May 26, 2025