CVE-2025-21370: 
vulnerability analysis and mitigation

Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability (CVE-2025-21370) was disclosed on January 14, 2025. This vulnerability affects multiple versions of Windows 11, including 22H2, 23H2, and 24H2 (NVD).

The vulnerability has received a CVSS v3.1 base score of 8.8 HIGH with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H according to NVD's assessment. Microsoft's own assessment rated it slightly lower at 7.8 HIGH with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-20 (Improper Input Validation) by Microsoft (NVD).

The vulnerability could allow an attacker to gain elevated privileges in the Windows Virtualization-Based Security (VBS) Enclave. Given the high CVSS scores for confidentiality, integrity, and availability impact, successful exploitation could result in complete compromise of the affected system's security (NVD).

The vulnerability affects Windows 11 versions up to (excluding) 10.0.22621.4751 for 22H2, 10.0.22631.4751 for 23H2, and 10.0.26100.2894 for 24H2. Microsoft has released patches to address this vulnerability (NVD).