🟢 CVE-2025-21335

This is a local privilege escalation vulnerability in Windows Hyper-V's NT Kernel Integration VSP component affecting multiple Windows versions. The vulnerability requires local access and low-level privileges to exploit, making it unsuitable for direct internet exploitation.

← Back to Overview
LOW_RISK
Risk Level
7.8
CVSS Score
LOCAL
Attack Vector
Privilege Escalation
ATT&CK Tactic
T1068 — Exploitation for Privilege Escalation
ATT&CK Technique
VERY_LOW
Deployment Risk
No
Ransomware

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: OTHER

CVE Published: 2025-01-14

Added to CISA KEV: 2025-01-14 0 DAY BETWEEN CVE AND KEV

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2025-21335 is a critical security vulnerability affecting the Windows Hyper-V NT Kernel Integration Virtual Service Provider (VSP) [1] [2].

The following details summarize what is known about this vulnerability:

Active Exploitation and Threat Actor Usage
  • Active Exploitation: Yes, CVE-2025-21335 has been identified as being actively exploited by threat actors in the wild [1].
  • CISA Status: Due to evidence of active exploitation, this vulnerability was added to the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog [3].
Attack Method and Requirements
  • Vulnerability Type: Elevation of Privilege (EoP) [1] [2].
  • Access Requirements: Successful exploitation typically requires the attacker to already have local access to the Hyper-V host [2].
  • User Interaction: There is no specific indication that user interaction is required for the exploit itself, as it targets a system-level service provider component [2].
Impact
  • System Impact: Successful exploitation allows an attacker to escalate their privileges to `SYSTEM` level [4] [2].
  • Consequences: Once `SYSTEM` privileges are achieved, an attacker can execute arbitrary code, access sensitive data, and potentially move closer to escaping the virtual machine or gaining full control of the host system [4] [5].
Exploit Availability and Campaigns
  • Proof-of-Concept: While the vulnerability is known to be exploited in the wild, specific public proof-of-concept (PoC) code is generally not shared in official advisories to prevent further abuse.
  • Campaigns: While it is confirmed that threat actors are using this in the wild, specific details linking it to named ransomware groups or specific targeted campaigns are not explicitly detailed in the available public security advisories beyond the general warning to patch immediately [1].
Patch and Mitigation Status
  • Patch Status: Microsoft has released security updates to address this vulnerability [2].
  • Recommendation: Organizations are strongly advised to apply the relevant security updates immediately, as the vulnerability is actively exploited and listed in the CISA KEV catalog [3].

Sources

  1. Patch Tuesday January 2025 | Immersive Community - 1392

    This vulnerability, while Microsoft has said the exploitation is less likely, might be an opportunity for threat actors to take advantage of the newer remote ... CVE-2025-21335 - 7.8 - Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege. Top of the list for patches to apply in the first…

  2. CVE-2025-21335 Description, Impact and Technical Details

    CVE-2025-21335 is a newly disclosed vulnerability affecting the Windows Hyper-V NT Kernel Integration Service. This issue represents an Elevation of Privilege (EoP) vulnerability, allowing an attacker with local access to a Hyper-V host to gain system-level privileges. By exploiting a flaw in the Vi…

  3. CVE-2025-21335 Detail - NVD

    CVE-2025-21335 Detail · Description · Metrics · References to Advisories, Solutions, and Tools · This CVE is in CISA's Known Exploited Vulnerabilities Catalog.

  4. CVE-2025-21335 | High Vulnerability in Microsoft Windows Hyper-V

    This vulnerability allows local attackers to elevate their privileges, potentially leading to unauthorized access to sensitive system resources. ... Risk & Impact Analysis The real-world risk associated with CVE-2025-21335 is significant, particularly for organizations that rely heavily on Microsoft…

  5. CVE-2025-21335 - Exploiting Windows Hyper-V NT Kernel ... - cve.news

    - Microsoft Security Advisory (CVE-2025-21335) - Official Patch Information - Additional Technical Writeup (if/when published) Conclusion CVE-2025-21335 is a real threat for all users of Hyper-V. The bug might look trivial, but the consequences are huge—letting bad actors run code as SYSTEM or move…

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

📄 Download JSON Data | 📡 RSS Feed