CVE-2025-21335
Published: 14 January 2025
Summary
CVE-2025-21335 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Windows 11 22H2. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 7.9% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-21335 is a use-after-free vulnerability (CWE-416) in the Windows Hyper-V NT Kernel Integration VSP component. It carries a CVSS 3.1 base score of 7.8 and affects the Hyper-V virtualization stack on supported Windows systems.
A local attacker with low privileges can exploit the flaw without user interaction to elevate privileges, resulting in full control over confidentiality, integrity, and availability on the host.
Microsoft has published remediation guidance through its Security Response Center, and the vulnerability appears in CISA’s catalog of known exploited vulnerabilities, indicating that official patches and mitigation steps are available for affected Hyper-V deployments.
EPSS scores rose from a low baseline to a recorded peak of 0.0989, signaling emerging exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2400
Vulnerability details
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
- CWE(s)
- KEV Date Added
- 14 January 2025
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes a local elevation of privilege vulnerability (use-after-free in Hyper-V kernel component) that directly enables T1068 Exploitation for Privilege Escalation to achieve kernel-level access.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the Use After Free flaw in Windows Hyper-V VSP by requiring timely application of Microsoft patches as referenced in MSRC and CISA KEV.
Implements memory safeguards such as ASLR and DEP to protect against unauthorized code execution from Use After Free vulnerabilities in Hyper-V kernel components.
Enables proactive identification of the Hyper-V VSP vulnerability through regular scanning, facilitating prompt patching to prevent local privilege escalation.