CVE-2025-21333
Published: 14 January 2025
Summary
CVE-2025-21333 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 0.9% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).
Deeper analysis
CVE-2025-21333 is an elevation of privilege vulnerability in the Windows Hyper-V NT Kernel Integration VSP component. It carries a CVSS 3.1 score of 7.8 and is associated with CWE-122, indicating a local attack vector that requires low privileges and no user interaction to achieve full compromise of confidentiality, integrity, and availability on affected systems.
An attacker with local access and limited privileges can exploit the flaw to escalate rights within the Hyper-V environment, potentially gaining control over kernel-level integration services and the underlying host.
Microsoft's advisory at msrc.microsoft.com provides official guidance and patches, while CISA has added the CVE to its Known Exploited Vulnerabilities catalog. Public resources from Vicarius include both detection and mitigation scripts, and Exploit-DB lists a corresponding proof-of-concept.
The vulnerability shows a high EPSS score with a current value of 0.7921 and a peak of 0.8228, consistent with documented real-world exploitation activity.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2398
Vulnerability details
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
- CWE(s)
- KEV Date Added
- 14 January 2025
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes a local elevation of privilege vulnerability in the Windows Hyper-V NT Kernel Integration VSP component, directly matching T1068 as an exploit that allows a low-privileged attacker to gain high-impact elevated privileges.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates CVE-2025-21333 by requiring timely patching of the Hyper-V NT Kernel Integration VSP elevation of privilege vulnerability.
Provides memory protections that mitigate heap-based buffer overflow exploits (CWE-122) underlying the privilege escalation in Hyper-V.
Enforces least privilege to restrict low-privileged local attackers from accessing or exploiting the Hyper-V VSP component.