MSRC compact vulnerability detail

CVE-2025-48822 · Windows Hyper-V Discrete Device Assignment (DDA) Remote Code Execution Vulnerability

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

Severity
Critical
Impact
Remote Code Execution
CVSS
8.6 base · 7.5 temporal
Release
2025-07-08
Signals
Role: Windows Hyper-V Remote Code Execution · Exploited: No · Publicly disclosed: No · Exploitability: Exploitation Less Likely
CWE
Description
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
FAQ / Articles
Windows Hyper-V Remote Code Execution Vulnerability
Out-of-bounds read in Windows Hyper-V allows an authorized attacker to execute code over an adjacent network.
FAQ
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.
FAQ
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
A user needs to be tricked into importing an INF file.