🟢 CVE-2025-21334

CVE-2025-21334 is a local privilege escalation vulnerability in the Windows Hyper-V NT Kernel Integration VSP component, caused by a use-after-free flaw. Although its listing in CISA KEV indicates active exploitation, exploiting it requires local access and authenticated user privileges.

Risk Level: LOW_RISK

CVSS Score: 7.8

Attack Vector: LOCAL

ATT&CK Tactic: Privilege Escalation

ATT&CK Technique: T1068 — Exploitation for Privilege Escalation

Deployment Risk: VERY_LOW

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: OTHER

CVE Published: 2025-01-14

Added to CISA KEV: 2025-01-14 (0 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2025-21334 is a high-severity Elevation of Privilege (EoP) vulnerability affecting the Windows Hyper-V NT Kernel Integration VSP (Virtualization Service Provider) [2] [3].

Key Details
  • Active Exploitation: This vulnerability has been confirmed as exploited in the wild [5]. It is listed in the CISA Known Exploited Vulnerabilities (KEV) Catalog, which mandates action for federal agencies and highlights its active use by threat actors [4].
  • Attack Method & Requirements:
    * Access: It is a local exploitation vulnerability [3].
    * Interaction: While specific details on user interaction requirements are often limited for such kernel-level flaws, EoP vulnerabilities of this nature typically require the attacker to already have a foothold on the system (e.g., via a separate initial access vector) to execute the exploit code.
  • Impact: Successful exploitation allows an attacker to elevate their privileges on the affected system [3]. This typically grants the attacker higher-level access (often SYSTEM or kernel-level), enabling them to bypass security controls, install persistent malware, or move laterally within the network.
  • Campaign Usage: While it is known to be exploited in the wild, specific details linking it to named ransomware groups or specific targeted campaigns are not publicly detailed in standard vulnerability databases. However, its inclusion in the CISA KEV catalog indicates it is a significant threat used in real-world attacks.
  • Exploit Availability: As a vulnerability actively exploited in the wild, exploit code or techniques are known to threat actors. Publicly available, ready-to-use proof-of-concept (PoC) tools may exist in security research circles, but organizations should assume that functional exploits are in the hands of malicious actors.
  • Patch & Mitigation Status:
    * Patch: Microsoft released security updates to address this vulnerability. Organizations are strongly advised to apply these patches immediately [1].
    * Mitigation: In addition to patching, implementing the principle of least privilege is recommended to limit the potential impact of a successful exploit by ensuring that users and processes operate with the minimum necessary permissions [1].

Sources

  1. CVE-2025-21334 - Exploits & Severity - Feedly

    Mitigation 1. Apply the official patch released by Microsoft immediately. This should be the top priority given the severity and active exploitation of the vulnerability. 2. Implement the principle of least privilege, ensuring that users and processes have only the minimum necessary permissions. Thi…

  2. CVE-2025-21334 | High Vulnerability in Microsoft Windows Hyper-V

    High-severity privilege escalation in Microsoft Windows Hyper-V. Local exploitation with high impact. Organizations must patch immediately to secure their…

  3. CVE-2025-21334 Detail - NVD

    CVE-2025-21334 Detail Description Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability…

  4. NVD - CVE-2025-21334

    Microsoft Corporation. Patch Vendor Advisory. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21334. Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further guidance and requirements. Vulnerability Name. Date Added.

  5. CVE-2024-49147 - Exploits & Severity - Feedly

    Feedly estimated the CVSS as HIGH based on the CVE details, attack complexity, and exploit information. ... This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability. ... 3 exploited in the wild: EoP – Windows Hyper-V NT Kerne…