Jul 2025: Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
CVE-2025-49689 Published on July 8, 2025

Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Vendor Advisory NVD

Weakness Types

Integer Overflow or Wraparound

The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. An integer overflow or wraparound occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may wrap to become a very small or negative number. While this may be intended behavior in circumstances that rely on wrapping, it can have security consequences if the wrap is unexpected. This is especially the case if the integer overflow can be triggered using user-supplied inputs. This becomes security-critical when the result is used to control looping, make a security decision, or determine the offset or size in behaviors such as memory allocation, copying, concatenation, etc.

Out-of-bounds Read

The software reads data past the end, or before the beginning, of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. A crash can occur when the code reads a variable amount of data and assumes that a sentinel exists to stop the read operation, such as a NUL in a string. The expected sentinel might not be located in the out-of-bounds memory, causing excessive data to be read, leading to a segmentation fault or a buffer overflow. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent read operation then produces undefined or unexpected results.

Untrusted Pointer Dereference

The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.

Products Associated with CVE-2025-49689

Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.

Microsoft Windows Server 2008

Microsoft Windows Server 2012

Microsoft Windows Server 2025

Microsoft Windows 10 1507

Microsoft Windows 10

Microsoft Windows 11

Microsoft Windows 11 23h2

Microsoft Windows 11 24h2

Microsoft Windows Server 2016

Microsoft Windows Server 2019

Microsoft Windows Server 2022

Microsoft Windows Server 2022 23h2

Microsoft Windows

Microsoft Windows Server 23h2

Microsoft Windows Server 2008 Sp2

Microsoft Windows Server 2008 R2

Microsoft Windows Server 2012 R2

Affected Versions

Microsoft Windows 10 Version 1507:

Version 10.0.10240.0 and below 10.0.10240.21073 is affected.

Microsoft Windows 10 Version 1607:

Version 10.0.14393.0 and below 10.0.14393.8246 is affected.

Microsoft Windows 10 Version 1809:

Version 10.0.17763.0 and below 10.0.17763.7558 is affected.

Microsoft Windows 10 Version 21H2:

Version 10.0.19044.0 and below 10.0.19044.6093 is affected.

Microsoft Windows 10 Version 22H2:

Version 10.0.19045.0 and below 10.0.19045.6093 is affected.

Microsoft Windows 11 version 22H2:

Version 10.0.22621.0 and below 10.0.22621.5624 is affected.

Microsoft Windows 11 version 22H3:

Version 10.0.22631.0 and below 10.0.22631.5624 is affected.

Microsoft Windows 11 Version 23H2:

Version 10.0.22631.0 and below 10.0.22631.5624 is affected.

Microsoft Windows 11 Version 24H2:

Version 10.0.26100.0 and below 10.0.26100.4652 is affected.

Microsoft Windows Server 2008 R2 Service Pack 1:

Version 6.1.7601.0 and below 6.1.7601.27820 is affected.

Microsoft Windows Server 2008 R2 Service Pack 1 (Server Core installation):

Version 6.1.7601.0 and below 6.1.7601.27820 is affected.

Microsoft Windows Server 2008 Service Pack 2:

Version 6.0.6003.0 and below 6.0.6003.23418 is affected.

Microsoft Windows Server 2008 Service Pack 2 (Server Core installation):

Version 6.0.6003.0 and below 6.0.6003.23418 is affected.

Microsoft Windows Server 2012:

Version 6.2.9200.0 and below 6.2.9200.25573 is affected.

Microsoft Windows Server 2012 (Server Core installation):

Version 6.2.9200.0 and below 6.2.9200.25573 is affected.

Microsoft Windows Server 2012 R2:

Version 6.3.9600.0 and below 6.3.9600.22676 is affected.

Microsoft Windows Server 2012 R2 (Server Core installation):

Version 6.3.9600.0 and below 6.3.9600.22676 is affected.

Microsoft Windows Server 2016:

Version 10.0.14393.0 and below 10.0.14393.8246 is affected.

Microsoft Windows Server 2016 (Server Core installation):

Version 10.0.14393.0 and below 10.0.14393.8246 is affected.

Microsoft Windows Server 2019:

Version 10.0.17763.0 and below 10.0.17763.7558 is affected.

Microsoft Windows Server 2019 (Server Core installation):

Version 10.0.17763.0 and below 10.0.17763.7558 is affected.

Microsoft Windows Server 2022:

Version 10.0.20348.0 and below 10.0.20348.3932 is affected.

Microsoft Windows Server 2022, 23H2 Edition (Server Core installation):

Version 10.0.25398.0 and below 10.0.25398.1732 is affected.

Microsoft Windows Server 2025:

Version 10.0.26100.0 and below 10.0.26100.4652 is affected.

Microsoft Windows Server 2025 (Server Core installation):

Version 10.0.26100.0 and below 10.0.26100.4652 is affected.

Exploit Probability

EPSS

0.08%

Percentile

23.64%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Jul 2025: Microsoft Virtual Hard Disk Elevation of Privilege VulnerabilityCVE-2025-49689 Published on July 8, 2025