SB2025081267 - Multiple vulnerabilities in Microsoft Windows Hyper-V
Published: August 12, 2025
Description
This security bulletin contains information about 5 security vulnerabilities.
1) Missing Synchronization (CVE-ID: CVE-2025-49751)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to missing synchronization in Windows Hyper-V. A remote user on the local network can cause a denial of service condition on the target system.
2) Improper restriction of communication channel to intended endpoints (CVE-ID: CVE-2025-48807)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to improper restriction of communication channel to intended endpoints in Windows Hyper-V. A local user can execute arbitrary code on the system.
3) Numeric Truncation Error (CVE-ID: CVE-2025-53723)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to numeric truncation error in Windows Hyper-V. A local user can gain elevated privileges on the system.
4) Heap-based buffer overflow (CVE-ID: CVE-2025-53155)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Windows Hyper-V. A local user can use a specially crafted VHDX file to trigger a heap-based buffer overflow and execute arbitrary code on the target system with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
5) Race condition (CVE-ID: CVE-2025-50167)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in Windows Hyper-V. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
Remediation
Install the update from the vendor's website.
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-49751
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-48807
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-53723
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-53155
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-50167