CVE-2025-21333

HIGH KEV

Windows Hyper-V NT Kernel Integration VSP - Elevation of Privilege via Heap-based Buffer Overflow

Title source: llm

Exploitation Summary

CVE-2025-21333 is actively exploited and was added to the CISA Known Exploited Vulnerabilities (KEV) catalog on January 14, 2025. EIP tracks 4 public exploits from researchers including Milad Karimi (Ex3ptionaL), MrAle98, and nu1lptr0.


Description

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

Exploits (4)

exploitdb WORKING POC
by Milad Karimi (Ex3ptionaL) · c · local · windows
https://www.exploit-db.com/exploits/52436

This exploit targets a privilege escalation vulnerability in Microsoft Windows Server 2025 Hyper-V NT Kernel Integration VSP. It leverages memory corruption techniques to elevate privileges, likely through kernel object manipulation and token stealing.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Microsoft Windows Server 2025 Hyper-V
No auth needed
Prerequisites: Access to a vulnerable Windows Server 2025 Hyper-V system
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 226 stars
by MrAle98 · remote
https://github.com/MrAle98/CVE-2025-21333-POC

This repository contains a proof-of-concept exploit for CVE-2025-21333, targeting a Windows kernel vulnerability. The code includes structures and functions for kernel exploitation, likely involving privilege escalation via IoRing and other kernel mechanisms.

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Complex
Reliability: Theoretical
Target: Microsoft Windows Kernel (specific version not specified)
No auth needed
Prerequisites: Windows system with vulnerable kernel · Ability to execute arbitrary code on the target system
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 2 stars
by nu1lptr0 · local
https://github.com/nu1lptr0/CVE-2025-21333

This repository contains a functional exploit for CVE-2025-21333, a Windows heap-based buffer overflow vulnerability. The exploit leverages IoRing and pipe spraying techniques to achieve arbitrary read/write primitives, with improvements over the original PoC by MrAle98.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Microsoft Windows (specific version not specified)
No auth needed
Prerequisites: Windows system with vulnerable kernel · Ability to execute arbitrary code
devstral-2 · analyzed May 11, 2026

Scores

CVSS v3: 7.8
EPSS: 0.7921
EPSS Percentile: 99.1%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: active
Automatable: no
Technical Impact: total

Details

CISA KEV: 2025-01-14
VulnCheck KEV: 2025-01-14
ENISA EUVD: EUVD-2025-2398
CWE: CWE-122
Status: published
Products (16)
Microsoft/Windows 10 Version 21H2 10.0.19044.0 - 10.0.19044.5371
Microsoft/Windows 10 Version 22H2 10.0.19045.0 - 10.0.19045.5371
Microsoft/Windows 11 version 22H2 10.0.22621.0 - 10.0.22621.4751
Microsoft/Windows 11 version 22H3 10.0.22631.0 - 10.0.22631.4751
Microsoft/Windows 11 Version 23H2 10.0.22631.0 - 10.0.22631.4751
Microsoft/Windows 11 Version 24H2 10.0.26100.0 - 10.0.26100.2894
Microsoft/Windows Server 2022, 23H2 Edition (Server Core installation) 10.0.25398.0 - 10.0.25398.1369
Microsoft/Windows Server 2025 10.0.26100.0 - 10.0.26100.2894
Microsoft/Windows Server 2025 (Server Core installation) 10.0.26100.0 - 10.0.26100.2894
microsoft/windows_10_21h2 < 10.0.19044.5371
... and 6 more
Published: Jan 14, 2025
KEV Added: Jan 14, 2025
Tracked Since: Feb 18, 2026