CVE-2025-21370: Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
Overview
- Severity: High (CVSS 7.8)
- CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
- Category: Elevation of Privilege
- Exploit Status: Not Exploited
- Exploitation Likelihood: Less Likely
- Patch Tuesday: 2025-Jan
- Released: 2025-01-14
- Last Updated: 2026-04-01
- EPSS Score: 0.59% (percentile: 69.3%)
FAQ
What privileges would an attacker gain by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could leak data from the target enclave or execute code within the context of the target enclave. Because the attack vector is local and the CVSS vector requires low privileges (PR:L), the attacker must already be able to run code on the machine; the gain is a boundary crossing into the VBS enclave, not initial access.
Are there any additional steps that I need to follow to be protected from this vulnerability?
The changes that address this vulnerability updated Virtual Secure Mode components. The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to account for the latest changes. If you have already deployed that policy, you need to redeploy it using the updated version; otherwise the rollback-blocking policy will not cover the newly updated VSM components.
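Before redeploying the rollback-blocking policy, an administrator will typically want to confirm two things on each host: that VBS is actually enabled and running (otherwise the enclave boundary this CVE concerns does not exist on that machine), and that the installed build is at or above the fixed build listed in the Security Updates table. The following PowerShell script is an added example, not part of the MSRC advisory or the linked guidance. The `-MinimumBuild` and `-MinimumUbr` parameters are assumptions: the fixed build number is not reproduced on this page, so the caller must supply it from the Security Updates table for the Windows 11 version actually installed (the major build must match the installed version family for the comparison to be meaningful).

```powershell
# Added example (not from the MSRC advisory): report VBS state and the installed
# Windows build so an admin can verify the Virtual Secure Mode update is present
# before (re)deploying the VBS rollback-blocking policy.
#
# Assumptions: -MinimumBuild / -MinimumUbr are supplied by the caller from the
# Security Updates table for the installed Windows 11 version; they are not
# hard-coded here because the page does not reproduce the fixed build number.
param(
    [Parameter(Mandatory = $true)][int]$MinimumBuild,   # major build of the fixed release
    [Parameter(Mandatory = $true)][int]$MinimumUbr      # revision (UBR) of the fixed release
)

# Win32_DeviceGuard (root\Microsoft\Windows\DeviceGuard) exposes the VBS state.
# VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running,
# 2 = enabled and running.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard

$vbsState = switch ($dg.VirtualizationBasedSecurityStatus) {
    0       { 'Not enabled' }
    1       { 'Enabled, not running' }
    2       { 'Enabled and running' }
    default { "Unknown ($_)" }
}

# SecurityServicesRunning lists the VBS-backed services currently running:
# 1 = Credential Guard, 2 = Hypervisor-enforced Code Integrity (HVCI).
$services = @()
if ($dg.SecurityServicesRunning -contains 1) { $services += 'Credential Guard' }
if ($dg.SecurityServicesRunning -contains 2) { $services += 'HVCI' }

# Installed build: CurrentBuild is the major build, UBR the cumulative-update revision.
$ver   = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$ver.CurrentBuild
$ubr   = [int]$ver.UBR

# At or above the fix: a later major build, or the same major build with a
# revision that is not older than the fixed one.
$patched = ($build -gt $MinimumBuild) -or
           (($build -eq $MinimumBuild) -and ($ubr -ge $MinimumUbr))

[pscustomobject]@{
    DisplayVersion  = $ver.DisplayVersion
    InstalledBuild  = "$build.$ubr"
    RequiredBuild   = "$MinimumBuild.$MinimumUbr"
    VbsStatus       = $vbsState
    RunningServices = ($services -join ', ')
    AtOrAboveFix    = $patched
}

if (-not $patched) {
    Write-Warning 'Installed build is below the fixed build; install the update before redeploying the rollback-blocking policy.'
}
if ($dg.VirtualizationBasedSecurityStatus -ne 2) {
    Write-Warning 'VBS is not running on this host; enclave protections (and this CVE) do not apply until it is enabled.'
}
```

Run it as an administrator with the build values taken from the advisory's Security Updates table, for example `.\Check-VbsUpdate.ps1 -MinimumBuild <build> -MinimumUbr <ubr>`. The script deliberately reports both conditions separately: a host with VBS disabled is not exposed to an enclave-boundary bug, but it also gains nothing from the rollback-blocking policy, so the two warnings point at different remediation steps.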
Affected Products (6)
ESU
- Windows 11 Version 22H2 for ARM64-based Systems
- Windows 11 Version 22H2 for x64-based Systems
Windows
- Windows 11 Version 23H2 for ARM64-based Systems
- Windows 11 Version 23H2 for x64-based Systems
- Windows 11 Version 24H2 for ARM64-based Systems
- Windows 11 Version 24H2 for x64-based Systems
Security Updates (2)
Acknowledgments
Alex Ionescu, working for Winsider Seminars & Solutions, Inc.
Revision History
- 2025-01-14: Information published. This CVE was addressed by updates that were released in August 2024, but the CVE was inadvertently omitted from the August 2024 Security Updates. This is an informational change only. Customers who have already installed the August 2024 updates do not need to take any further action.
- 2026-04-01: Corrected Fixed Build Number and Download links in the Security Updates table. This is an informational change only.