๐Ÿ” CVE Alert

CVE-2025-27462

UNKNOWN 0.0

WinPVDrivers: Excessive permissions on user-exposed devices

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. These are: 1. XenCons, CVE-2025-27462 2. XenIface, CVE-2025-27463 3. XenBus, CVE-2025-27464

CWE CWE-276
Vendor xen
Product windows pv drivers
Published Jul 9, 2026
Last Updated Jul 9, 2026
Stay Ahead of the Next One

Get instant alerts for xen windows pv drivers

Be the first to know when new unknown vulnerabilities affecting xen windows pv drivers are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Xen / Windows PV drivers
all

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
xenbits.xen.org: https://xenbits.xen.org/xsa/advisory-468.html

Credits

This issue was discovered by Tu Dinh of Vates