CVE-2025-21335 vulnerability in Microsoft Products
Published on January 14, 2025
Known Exploited Vulnerability
This Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges.
The following remediation steps are recommended / required by February 4, 2025: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Vulnerability Analysis
CVE-2025-21335 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
What is a Dangling pointer Vulnerability?
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
CVE-2025-21335 has been classified to as a Dangling pointer vulnerability or weakness.
Products Associated with CVE-2025-21335
You can be notified by stack.watch whenever vulnerabilities like CVE-2025-21335 are published in these products:
What versions are vulnerable to CVE-2025-21335?
-
Microsoft Windows Server 2025
Fixed in Version 10.0.26100.2894
-
Microsoft Windows 11 24h2
Fixed in Version 10.0.26100.2894
x64
-
Microsoft Windows 11 24h2
Fixed in Version 10.0.26100.2894
arm64
-
Microsoft Windows Server 2022 23h2
Fixed in Version 10.0.25398.1369
-
Microsoft Windows 11 23h2
Fixed in Version 10.0.22631.4751
x64
-
Microsoft Windows 11 22h2
Fixed in Version 10.0.22621.4751
x64
-
Microsoft Windows 10 21h2
Fixed in Version 10.0.19044.5371
x64
-
Microsoft Windows 10 22h2
Fixed in Version 10.0.19045.5371
x64
-
Microsoft Windows 11 22h2
Fixed in Version 10.0.22621.4751
arm64
-
Microsoft Windows 11 23h2
Fixed in Version 10.0.22621.4751
arm64