CVE-2025-21335

high

Description

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

From the Tenable Blog

Microsoft’s January 2025 Patch Tuesday Addresses 157 CVEs (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)

Published: 2025-01-14

Microsoft addresses 157 CVEs in the first Patch Tuesday release of 2025 and the largest Patch Tuesday update ever with three CVEs exploited in the wild, and five CVEs publicly disclosed prior to patches being made available.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21335

https://www.securityweek.com/microsoft-patches-trio-of-exploited-windows-hyper-v-zero-days/

https://www.tenable.com/blog/microsofts-january-2025-patch-tuesday-157-cves-cve-2025-21333-cve-2025-21334-cve-2025-21335

Details

Source: Mitre, NVD

Published: 2025-01-14

Updated: 2025-01-15

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.08254

Detections

Analytics