Cyber Resilience

CVE-2025-21334

HighCISA KEVActive ExploitationEUVD Exploited

Published: 14 January 2025

Published
14 January 2025
Modified
27 October 2025
KEV Added
14 January 2025
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0580 90.7th percentile
Risk Priority 39 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21334 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Windows 11 22H2. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 9.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-21334 is a use-after-free vulnerability (CWE-416) in the Windows Hyper-V NT Kernel Integration VSP component. It carries a CVSS 3.1 score of 7.8 and affects the Hyper-V virtualization stack on supported Windows systems, allowing an attacker who already has local access to corrupt kernel memory.

A local attacker with low privileges can exploit the flaw without user interaction to escalate to SYSTEM-level privileges, resulting in full control over confidentiality, integrity, and availability of the host. The attack vector is strictly local and targets the kernel integration path between guest and host environments.

Microsoft has published guidance at the MSRC update guide for CVE-2025-21334, and the vulnerability appears in CISA’s Known Exploited Vulnerabilities catalog, indicating that patches or configuration mitigations are tracked through standard Windows update channels.

EPSS for the CVE rose from a low baseline to a recorded peak of 0.0756, demonstrating measurable post-disclosure exploitation interest that warrants renewed monitoring by defenders.

EU & UK References

Vulnerability details

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

CWE(s)
KEV Date Added
14 January 2025

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local use-after-free vulnerability in Hyper-V kernel component enabling direct privilege escalation from low-privileged local access.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21335Same product: Microsoft Windows 10 21H2both on KEV
CVE-2025-62221Same product: Microsoft Windows 10 21H2both on KEV
CVE-2025-21333Same product: Microsoft Windows 10 21H2both on KEV
CVE-2025-21367Same product: Microsoft Windows 10 21H2
CVE-2026-32155Same product: Microsoft Windows 10 21H2
CVE-2026-20871Same product: Microsoft Windows 10 21H2
CVE-2026-26132Same product: Microsoft Windows 10 21H2
CVE-2026-20923Same product: Microsoft Windows 10 21H2
CVE-2025-62215Same product: Microsoft Windows 10 21H2both on KEV
CVE-2026-20865Same product: Microsoft Windows 10 21H2

Affected Assets

microsoft
windows 10 21h2
≤ 10.0.19044.5371
microsoft
windows 10 22h2
≤ 10.0.19045.5371
microsoft
windows 11 22h2
≤ 10.0.22621.4751 · ≤ 10.0.22621.4751
microsoft
windows 11 23h2
≤ 10.0.22631.4751 · ≤ 10.0.22631.4751
microsoft
windows 11 24h2
≤ 10.0.26100.2894 · ≤ 10.0.26100.2894
microsoft
windows server 2022 23h2
≤ 10.0.25398.1369
microsoft
windows server 2025
≤ 10.0.26100.2894

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the Use After Free flaw in Windows Hyper-V by requiring timely application of vendor patches.

prevent

Implements memory safeguards such as DEP and ASLR to protect against exploitation of the Use After Free vulnerability in the Hyper-V kernel component.

prevent

Enforces least privilege to restrict low-privilege local attackers from gaining the initial access needed to exploit the elevation vulnerability.

References