Cyber Resilience

CVE-2025-21333

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoC

Published: 14 January 2025

Published
14 January 2025
Modified
03 November 2025
KEV Added
14 January 2025
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.7921 99.1th percentile
Risk Priority 83 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21333 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 0.9% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-21333 is an elevation of privilege vulnerability in the Windows Hyper-V NT Kernel Integration VSP component. It carries a CVSS 3.1 score of 7.8 and is associated with CWE-122, indicating a local attack vector that requires low privileges and no user interaction to achieve full compromise of confidentiality, integrity, and availability on affected systems.

An attacker with local access and limited privileges can exploit the flaw to escalate rights within the Hyper-V environment, potentially gaining control over kernel-level integration services and the underlying host.

Microsoft's advisory at msrc.microsoft.com provides official guidance and patches, while CISA has added the CVE to its Known Exploited Vulnerabilities catalog. Public resources from Vicarius include both detection and mitigation scripts, and Exploit-DB lists a corresponding proof-of-concept.

The vulnerability shows a high EPSS score with a current value of 0.7921 and a peak of 0.8228, consistent with documented real-world exploitation activity.

EU & UK References

Vulnerability details

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

CWE(s)
KEV Date Added
14 January 2025

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The CVE describes a local elevation of privilege vulnerability in the Windows Hyper-V NT Kernel Integration VSP component, directly matching T1068 as an exploit that allows a low-privileged attacker to gain high-impact elevated privileges.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21334Same product: Microsoft Windows 10 21H2both on KEV
CVE-2025-21335Same product: Microsoft Windows 10 21H2both on KEV
CVE-2025-21418Same product: Microsoft Windows 10 21H2both on KEV
CVE-2025-24066Same product: Microsoft Windows 10 21H2
CVE-2026-33841Same product: Microsoft Windows 10 21H2
CVE-2025-26634Same product: Microsoft Windows 10 21H2
CVE-2025-62215Same product: Microsoft Windows 10 21H2both on KEV
CVE-2025-62221Same product: Microsoft Windows 10 21H2both on KEV
CVE-2026-20864Same product: Microsoft Windows 10 21H2
CVE-2025-24067Same product: Microsoft Windows 10 21H2

Affected Assets

microsoft
windows 10 21h2
≤ 10.0.19044.5371
microsoft
windows 10 22h2
≤ 10.0.19045.5371
microsoft
windows 11 22h2
≤ 10.0.22621.4751
microsoft
windows 11 23h2
≤ 10.0.22631.4751
microsoft
windows 11 24h2
≤ 10.0.26100.2894
microsoft
windows server 2022 23h2
≤ 10.0.25398.1369
microsoft
windows server 2025
≤ 10.0.26100.2894

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates CVE-2025-21333 by requiring timely patching of the Hyper-V NT Kernel Integration VSP elevation of privilege vulnerability.

prevent

Provides memory protections that mitigate heap-based buffer overflow exploits (CWE-122) underlying the privilege escalation in Hyper-V.

prevent

Enforces least privilege to restrict low-privileged local attackers from accessing or exploiting the Hyper-V VSP component.

References