CVE-2025-27462
Deferred Deferred - Pending Action

Privilege Escalation in Xen PV Drivers

Vulnerability report for CVE-2025-27462, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: Xen Project

Description

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. These are: 1. XenCons, CVE-2025-27462 2. XenIface, CVE-2025-27463 3. XenBus, CVE-2025-27464

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
xen xencons *
xen xeniface *
xen xenbus *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-276 During installation, installed file permissions are set to allow anyone to modify those files.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Mitigation Strategies

Immediate mitigation involves applying security descriptors to the affected devices to restrict access from unprivileged users.

For a related vulnerability (CVE-2025-27463), a PowerShell script is available that inserts security descriptors into the registry and updates device objects to mitigate the issue.

Therefore, applying similar mitigationsβ€”such as running provided PowerShell scripts or patches that restrict device access permissionsβ€”should be done as soon as possible.

Additionally, deploying official patches from the vendor once available is recommended to fully resolve the vulnerability.

Executive Summary

The vulnerability CVE-2025-27462 relates to the Windows PV drivers, specifically the XenCons component. These drivers expose various facilities to userspace, and several of these facilities, including XenCons, have no security descriptor. This means they are fully accessible to unprivileged users, potentially allowing unauthorized access or actions.

Impact Analysis

Because the XenCons facility in the Windows PV drivers lacks a security descriptor, unprivileged users can access it fully. This could lead to unauthorized access or manipulation of the system components exposed by these drivers, potentially compromising system integrity, confidentiality, or availability.

Detection Guidance

The vulnerability relates to Windows PV drivers exposing devices without security descriptors, allowing unprivileged users access. Detection involves checking the permissions of the XenCons device exposed by the Windows PV drivers.

While no specific detection commands for CVE-2025-27462 are provided, a similar vulnerability (CVE-2025-27463) affecting XenIface can be detected by inspecting device permissions in the Windows registry or device manager.

For example, on a Windows system, you can use PowerShell commands to check device security descriptors or permissions. Commands such as Get-Acl on device registry keys or using tools like Device Manager to inspect device permissions might help identify exposed devices.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-27462. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart