Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2025-47973: Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability

According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability?

An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigger the vulnerability.

Microsoft Security Response Center
#vulnerability#microsoft#Virtual Hard Disk (VHDX)#Security Vulnerability

Microsoft Security Response Center: Latest News

CVE-2025-49738: Microsoft PC Manager Elevation of Privilege Vulnerability