← back
CVE-2025-21333

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

CVSS 7.8 HIGHEPSS 9.7%● KEVCWE-122
Vexday Risk Score
71High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.8EPSS 9.7%KEV simPoC públicaNuclei Metasploit Patch referenciado
Lifecycle
14 Jan 2025Active exploitation (CISA KEV)
14 Jan 2025Published on NVD
27 Feb 2025Public PoC
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

A security flaw in Windows Hyper-V's kernel integration component allows an attacker with local access to gain higher system privileges than they should have. This is dangerous because it can lead to complete control of the computer.

Technical detail

This elevation of privilege vulnerability exists in the Hyper-V NT Kernel Integration VSP (virtualization service provider) component. An attacker with local system access can exploit a privilege escalation flaw to obtain elevated kernel-level permissions, potentially leading to full system compromise and unauthorized access to sensitive resources.

Summary generated and translated by AI from the official description.
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected products
Microsoft · Windows 10 Version 21H2Microsoft · Windows 10 Version 22H2Microsoft · Windows 11 version 22H2Microsoft · Windows 11 version 22H3Microsoft · Windows 11 Version 23H2Microsoft · Windows 11 Version 24H2Microsoft · Windows Server 2022, 23H2 Edition (Server Core installation)Microsoft · Windows Server 2025Microsoft · Windows Server 2025 (Server Core installation)
public PoCs found4
githubgithub.com/MrAle98/CVE-2025-21333-POC234githubgithub.com/nu1lptr0/CVE-2025-2133322githubgithub.com/aleongx/KQL_sentinel_CVE-2025-213330cve_referencewww.exploit-db.com/exploits/52436unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21333https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21333https://www.exploit-db.com/exploits/52436https://www.vicarius.io/vsociety/posts/cve-2025-21333-elevated-privilege-exposure-in-windows-hyper-v-by-microsoft-detection-scripthttps://www.vicarius.io/vsociety/posts/cve-2025-21333-elevated-privilege-exposure-in-windows-hyper-v-by-microsoft-mitigation-script