CVE-2025-21335: 
vulnerability analysis and mitigation

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability (CVE-2025-21335) is a use-after-free vulnerability discovered in January 2025. The vulnerability affects Windows Hyper-V's NT Kernel component that manages communication between virtual machines and the host operating system. This vulnerability impacts various versions of Windows 10, Windows 11, and Windows Server systems (Tenable Blog, Help Net Security).

The vulnerability has been assigned a CVSSv3 score of 7.8 (High) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. It is classified as a use-after-free vulnerability (CWE-416) in the Windows Hyper-V NT Kernel Integration Virtualization Service Provider (VSP) (NVD).

Successful exploitation of this vulnerability allows an authenticated, local attacker to elevate privileges to SYSTEM level on compromised Windows and Windows Server machines. This level of access gives attackers complete control over the affected system (Help Net Security).

Microsoft has released security updates to address this vulnerability as part of the January 2025 Patch Tuesday. Organizations are advised to test and deploy these patches quickly to protect their systems (Tenable Blog).