CVE-2025-49683

HIGH

Windows 10 1507-22H2, Windows 11 22H2-24H2, Windows Server 2008 - Local Code Execution via VHDX Integer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-49683. PoCs published by nu11secur1ty.

AI-analyzed exploit summary This PowerShell script demonstrates a soft corruption vulnerability in Microsoft Virtual Hard Disk (VHDX) handling (CVE-2025-49683) by creating, corrupting, and remounting a VHDX file to trigger system instability or potential RCE via a crafted batch file.

Description

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.

Exploits (1)

exploitdb WORKING POC

by nu11secur1ty · textlocalwindows

https://www.exploit-db.com/exploits/52394

View Code ZIP pw:eip

This PowerShell script demonstrates a soft corruption vulnerability in Microsoft Virtual Hard Disk (VHDX) handling (CVE-2025-49683) by creating, corrupting, and remounting a VHDX file to trigger system instability or potential RCE via a crafted batch file.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Windows 11 (VHDX handling)

Auth required

Prerequisites: Administrative privileges · PowerShell execution policy allowing script execution

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1499.004 - Application or System Exploitation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory patch

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49683

Scores

CVSS v3 7.8

EPSS 0.0169

EPSS Percentile 82.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-190 CWE-122

Status published

Products (17)

microsoft/windows_10_1507 < 10.0.10240.21073 (2 CPE variants)

microsoft/windows_10_1607 < 10.0.14393.8246 (2 CPE variants)

microsoft/windows_10_1809 < 10.0.17763.7558 (2 CPE variants)

microsoft/windows_10_21h2 < 10.0.19044.6093

microsoft/windows_10_22h2 < 10.0.19045.6093

microsoft/windows_11_22h2 < 10.0.22621.5624

microsoft/windows_11_23h2 < 10.0.22631.5624

microsoft/windows_11_24h2 < 10.0.26100.4652

microsoft/windows_server_2008 (2 CPE variants)

microsoft/windows_server_2008 r2 sp1

... and 7 more

Published Jul 08, 2025

Tracked Since Feb 18, 2026