Cyber Resilience

CVE-2025-21335

HighCISA KEVActive ExploitationEUVD Exploited

Published: 14 January 2025

Published
14 January 2025
Modified
27 October 2025
KEV Added
14 January 2025
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0765 92.1th percentile
Risk Priority 40 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21335 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Windows 11 22H2. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 7.9% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-21335 is a use-after-free vulnerability (CWE-416) in the Windows Hyper-V NT Kernel Integration VSP component. It carries a CVSS 3.1 base score of 7.8 and affects the Hyper-V virtualization stack on supported Windows systems.

A local attacker with low privileges can exploit the flaw without user interaction to elevate privileges, resulting in full control over confidentiality, integrity, and availability on the host.

Microsoft has published remediation guidance through its Security Response Center, and the vulnerability appears in CISA’s catalog of known exploited vulnerabilities, indicating that official patches and mitigation steps are available for affected Hyper-V deployments.

EPSS scores rose from a low baseline to a recorded peak of 0.0989, signaling emerging exploitation interest after disclosure.

EU & UK References

Vulnerability details

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

CWE(s)
KEV Date Added
14 January 2025

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The CVE describes a local elevation of privilege vulnerability (use-after-free in Hyper-V kernel component) that directly enables T1068 Exploitation for Privilege Escalation to achieve kernel-level access.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21334Same product: Microsoft Windows 10 21H2both on KEV
CVE-2025-62221Same product: Microsoft Windows 10 21H2both on KEV
CVE-2025-21333Same product: Microsoft Windows 10 21H2both on KEV
CVE-2025-21367Same product: Microsoft Windows 10 21H2
CVE-2026-32155Same product: Microsoft Windows 10 21H2
CVE-2026-20871Same product: Microsoft Windows 10 21H2
CVE-2026-26132Same product: Microsoft Windows 10 21H2
CVE-2026-20923Same product: Microsoft Windows 10 21H2
CVE-2025-62215Same product: Microsoft Windows 10 21H2both on KEV
CVE-2026-20865Same product: Microsoft Windows 10 21H2

Affected Assets

microsoft
windows 10 21h2
≤ 10.0.19044.5371
microsoft
windows 10 22h2
≤ 10.0.19045.5371
microsoft
windows 11 22h2
≤ 10.0.22621.4751 · ≤ 10.0.22621.4751
microsoft
windows 11 23h2
≤ 10.0.22631.4751 · ≤ 10.0.22631.4751
microsoft
windows 11 24h2
≤ 10.0.26100.2894 · ≤ 10.0.26100.2894
microsoft
windows server 2022 23h2
≤ 10.0.25398.1369
microsoft
windows server 2025
≤ 10.0.26100.2894

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the Use After Free flaw in Windows Hyper-V VSP by requiring timely application of Microsoft patches as referenced in MSRC and CISA KEV.

prevent

Implements memory safeguards such as ASLR and DEP to protect against unauthorized code execution from Use After Free vulnerabilities in Hyper-V kernel components.

prevent

Enables proactive identification of the Hyper-V VSP vulnerability through regular scanning, facilitating prompt patching to prevent local privilege escalation.

References