CVE-2025-21370

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 14, 2025
CWE ID 20

Summary

CVE-2025-21370 is a newly disclosed vulnerability affecting Windows Virtualization-Based Security (VBS) Enclaves. This elevation of privilege issue grants attackers the ability to escalate their privileges within the VBS environment, potentially compromising the host system. Successful exploitation of this vulnerability could allow an attacker to gain higher levels of access than intended, posing a significant threat to system security. Microsoft has released a security update to address this issue, and it is strongly recommended that affected systems be updated as soon as possible. Additionally, users should practice good security hygiene, such as using strong passwords and keeping software up-to-date, to mitigate risks.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Microsoft Windows 11

Affected Vendors

  • Microsoft