CVE-2025-27464
Deferred Deferred - Pending Action

Unprivileged Access to Windows PV Driver Facilities

Vulnerability report for CVE-2025-27464, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: Xen Project

Description

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. These are: 1. XenCons, CVE-2025-27462 2. XenIface, CVE-2025-27463 3. XenBus, CVE-2025-27464

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
xen xencons *
xen xeniface *
xen xenbus *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-276 During installation, installed file permissions are set to allow anyone to modify those files.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability involves the Windows PV drivers, specifically the XenBus component (CVE-2025-27464), which expose various facilities to userspace without proper security descriptors. This means that these facilities are fully accessible to unprivileged users, potentially allowing unauthorized access or actions.

Compliance Impact

The provided information does not specify how CVE-2025-27464 impacts compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

Because the XenBus facilities lack security descriptors and are accessible to unprivileged users, an attacker could exploit this to gain unauthorized access or perform actions with elevated privileges. This could lead to compromise of system integrity, confidentiality, or availability.

Detection Guidance

The vulnerability affects the XenBus Windows PV driver, which is fully accessible to unprivileged users due to missing security descriptors. Detection involves checking if the XenBus driver is present and whether its security descriptors are missing or improperly configured.

While no specific detection commands for CVE-2025-27464 are provided, similar vulnerabilities in related drivers (like XenIface) can be checked using PowerShell scripts that inspect registry entries and device objects for security descriptor settings.

You can use PowerShell commands to list device objects and check their security descriptors. For example, commands like `Get-PnpDevice` or querying the registry keys related to the XenBus driver might help identify if the driver is exposed without proper security.

Mitigation Strategies

Immediate mitigation involves applying security descriptors to the affected Windows PV drivers to restrict access from unprivileged users.

For related vulnerabilities such as CVE-2025-27463, a PowerShell script is available that inserts security descriptors into the registry and updates device objects to mitigate the issue. Similar mitigation steps are expected for CVE-2025-27464.

Applying official patches provided by the vendor once available is critical. Until then, running the provided PowerShell mitigation scripts is recommended to reduce the risk of privilege escalation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-27464. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart