VDB
BDU%3A2025-00287
BDU%3A2025-00287
PUBLISHED
CVSS 6.800000190734863 MEDIUM
Уязвимость функции VSP Elevation ядра системы аппаратной виртуализации Windows Hyper-V операционных систем Windows, позволяющая нарушителю повысить свои привилегии до уровня SYSTEM
Risk Scores
CVSS 2.0
6.800000190734863
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft Corp | Windows 10 21H2, Windows 11 22H2, Windows 10 22H2, Windows 11 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 24H2, Windows Server 2025, Windows Server 2025 (Server Core installation) |
Exploit Intelligence
- LPE due to integer truncation in vskrnlintvsp.sys (github-poc-repo)
- LPE due to integer truncation in vskrnlintvsp.sys (github-poc)
- KQL para deteccion de CVE-2025-21333 en Sentinel (github-poc)
- POC exploit for CVE-2025-21333 heap-based buffer overflow. It leverages WNF state data and I/O ring IOP_MC_BUFFER_ENTRY (github-poc)
- CVE-2025-21333.yara (github-yara)
- CVE-2025-21333.yara (github-yara)
- HeapOverflowExploitation.hpp (github-poc)
- kev.json (github-poc)
- mkdocs.yml (github-poc)
- data.js (github-poc)
Timeline
- Jan 15, 2025 CVE Published
- Mar 4, 2025 CVE Updated
- Apr 8, 2025 PoC Published
- Mar 20, 2026 Security Advisory