FAQ
What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
MSRC compact vulnerability detail
CVE-2025-21334 · Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
No description was published by MSRC.
Signals
Windows Hyper-V NT Kernel Integration VSP
Elevation of Privilege
Exploited: Yes
Publicly disclosed: No
Exploitability: Exploitation Detected
CWE
Patch Diff
Loading module diff metadata...
Resolved binary override
Use this when the MSRC module name cannot be mapped automatically or the resolved binary looks wrong.
Description
No description was published by MSRC.
FAQ / Articles
FAQ
Does this vulnerability exist in the Hyper-V server? No, the Hyper-V NT Kernel Integration Virtual Service Provider (VSP) is a component used for communications between the host OS and container-type VMs, such as Windows Sandbox and Microsoft Defender Application Guard (MDAG). It is not in a traditional Hyper-V VM environment. Whereas traditional Hyper-V VMs have a strong boundary between the host and the guest for isolation purposes, container-type VMs like MDAG simulate that they are running on the host. The Hyper-V NT Kernel Integration VSP driver has functionality that enables this simulation. Microsoft strongly recommends updating to the latest version of Windows to be protected against this vulnerability. Is this a guest to host type of vulnerability? No, this is a local elevation of privilege, not any type of guest to host escape.