CVE-2025-27463
Deferred Deferred - Pending Action

Unprivileged Access to Xen PV Drivers in Windows

Vulnerability report for CVE-2025-27463, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: Xen Project

Description

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. These are: 1. XenCons, CVE-2025-27462 2. XenIface, CVE-2025-27463 3. XenBus, CVE-2025-27464

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
xen xeniface *
xen xenbus *
xen xencons *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-276 During installation, installed file permissions are set to allow anyone to modify those files.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not specify how CVE-2025-27463 impacts compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2025-27463 is a vulnerability in the XenIface driver of the Windows PV drivers used in virtual machines. The issue arises because the XenIface driver exposes facilities to userspace without proper security descriptors, making them fully accessible to unprivileged users inside a guest virtual machine.

This lack of security controls allows unprivileged users to escalate their privileges to that of the guest kernel, effectively gaining higher-level access than intended.

Impact Analysis

If you are running a Windows virtual machine with the affected Windows PV drivers, this vulnerability allows unprivileged users within the guest VM to escalate their privileges to the guest kernel level.

This privilege escalation can lead to unauthorized control over the guest operating system, potentially allowing attackers to execute arbitrary code, access sensitive data, or disrupt system operations.

Detection Guidance

The vulnerability affects the XenIface driver in Windows virtual machines running the Windows PV drivers. Detection involves checking if the XenIface driver is present and if it has excessive permissions allowing unprivileged users to escalate privileges.

A practical approach is to inspect the security descriptors of the XenIface device objects in the Windows registry and device manager.

Using PowerShell, you can query the registry keys related to the XenIface driver to check for missing or overly permissive security descriptors.

  • Use PowerShell to list device objects and their security descriptors related to XenIface.
  • Example command: Get-WmiObject Win32_PnPEntity | Where-Object { $_.Name -like '*XenIface*' }
  • Check registry keys for XenIface security descriptors using: Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\XenIface' or related paths.
Mitigation Strategies

Immediate mitigation involves applying the provided patches or using the PowerShell script made available to insert proper security descriptors into the registry and device objects for the XenIface driver.

This will restrict access to the XenIface device, preventing unprivileged users from escalating privileges.

If patches cannot be applied immediately, running the mitigation PowerShell script is recommended to reduce risk.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-27463. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart