CVE-2025-21334
Published: 14 January 2025
Summary
CVE-2025-21334 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Windows 11 22H2. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 9.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-21334 is a use-after-free vulnerability (CWE-416) in the Windows Hyper-V NT Kernel Integration VSP component. It carries a CVSS 3.1 score of 7.8 and affects the Hyper-V virtualization stack on supported Windows systems, allowing an attacker who already has local access to corrupt kernel memory.
A local attacker with low privileges can exploit the flaw without user interaction to escalate to SYSTEM-level privileges, resulting in full control over confidentiality, integrity, and availability of the host. The attack vector is strictly local and targets the kernel integration path between guest and host environments.
Microsoft has published guidance at the MSRC update guide for CVE-2025-21334, and the vulnerability appears in CISA’s Known Exploited Vulnerabilities catalog, indicating that patches or configuration mitigations are tracked through standard Windows update channels.
EPSS for the CVE rose from a low baseline to a recorded peak of 0.0756, demonstrating measurable post-disclosure exploitation interest that warrants renewed monitoring by defenders.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2399
Vulnerability details
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
- CWE(s)
- KEV Date Added
- 14 January 2025
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local use-after-free vulnerability in Hyper-V kernel component enabling direct privilege escalation from low-privileged local access.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the Use After Free flaw in Windows Hyper-V by requiring timely application of vendor patches.
Implements memory safeguards such as DEP and ASLR to protect against exploitation of the Use After Free vulnerability in the Hyper-V kernel component.
Enforces least privilege to restrict low-privilege local attackers from gaining the initial access needed to exploit the elevation vulnerability.