What the vulnerability does
01Description
Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
CVE-2025-21370
HIGH
CVE-2025-21370: Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
CVSS base score
7.8/10
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Key dates
02Disclosure timeline
January 14, 2025
CVE published
June 9, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2026-24409 iccDEV has Undefined Behavior and Null Pointer Deference in CIccTagXmlFloatNum<>::ParseXml()
CVE-2020-15709 add-apt-repository print ASNI terminal codes
CVE-2020-15234 Redirect URL matching ignores character casing
CVE-2024-42424
CVE-2026-21506 iccDEV is Vulnerable to Null Pointer Dereference in CIccProfileXml::ParseBasic() Leading to Denial of Service
