PoC Released for Windows Hyper-V SYSTEM Privilege Exploit
gbhackers
Security researchers have publicly disclosed a proof-of-concept (PoC) exploit for CVE-2025-21333, a critical elevation-of-privilege vulnerability in Microsoft’s Hyper-V virtualization framework.
The vulnerability resides in the vkrnlintvsp.sys driver and enables local attackers to gain SYSTEM privileges through a sophisticated heap manipulation technique.
Microsoft rated this flaw as Important (7.8 CVSSv3) in its January 2025 advisory.
Vulnerability Overview
According to a GitHub report, the vulnerability stems from a heap-based buffer overflow (CWE-122) in the NT Kernel & System component of Hyper-V’s virtualization service provider.
Attackers can exploit this flaw by crafting malicious I/O Request Packet (IRP) operations that overwrite critical memory structures in the Windows paged pool. Successful exploitation allows:
- Arbitrary read/write capabilities in kernel memory
- Direct manipulation of process tokens
- Privilege escalation from standard users to SYSTEM
The exploit leverages Windows I/O Rings, a high-performance I/O mechanism introduced in Windows 11 22H2.
By ...
Copyright of this story solely belongs to gbhackers.