Description
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]


The Windows PV drivers expose various facilities to userspace. Several
of these have no security descriptor, and are therefore fully accessible
to unprivileged users. These are:

1. XenCons, CVE-2025-27462
2. XenIface, CVE-2025-27463
3. XenBus, CVE-2025-27464
Published: 2026-07-09
Score: 9.4 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Jul 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 09 Jul 2026 15:45:00 +0000

Type Values Removed Values Added
Description [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. These are: 1. XenCons, CVE-2025-27462 2. XenIface, CVE-2025-27463 3. XenBus, CVE-2025-27464
Title WinPVDrivers: Excessive permissions on user-exposed devices
Weaknesses CWE-276
References
Metrics cvssV4_0

{'score': 9.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: XEN

Published:

Updated: 2026-07-09T16:06:58.873Z

Reserved: 2025-02-26T09:16:54.461Z

Link: CVE-2025-27462

cve-icon Vulnrichment

Updated: 2026-07-09T16:06:56.517Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses