CVE-2025-47999
published 2025-07-08CVE-2025-47999: Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.
PriorityP428medium6.8CVSS 3.1
AVAACLPRLUINSCCNINAH
EPSS
0.37%
28.3th percentile
Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.
Affected
39 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1607 | < 10.0.14393.8246 | 10.0.14393.8246 |
| microsoft | windows_10_1809 | < 10.0.17763.7558 | 10.0.17763.7558 |
| microsoft | windows_10_21h2 | < 10.0.19044.6093 | 10.0.19044.6093 |
| microsoft | windows_10_22h2 | < 10.0.19045.6093 | 10.0.19045.6093 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.8246 | 10.0.14393.8246 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.7558 | 10.0.17763.7558 |
| microsoft | windows_10_version_21h2 | >= 10.0.19044.0 < 10.0.19044.6093 | 10.0.19044.6093 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.6093 | 10.0.19045.6093 |
| microsoft | windows_11_22h2 | < 10.0.22621.5624 | 10.0.22621.5624 |
| microsoft | windows_11_23h2 | < 10.0.22631.5624 | 10.0.22631.5624 |
| microsoft | windows_11_24h2 | < 10.0.26100.4652 | 10.0.26100.4652 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.5624 | 10.0.22621.5624 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.5624 | 10.0.22631.5624 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.5624 | 10.0.22631.5624 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.4652 | 10.0.26100.4652 |
| microsoft | windows_server_2016 | < 10.0.14393.8246 | 10.0.14393.8246 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.8246 | 10.0.14393.8246 |
| microsoft | windows_server_2019 | < 10.0.17763.7558 | 10.0.17763.7558 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.7558 | 10.0.17763.7558 |
| microsoft | windows_server_2022 | < 10.0.20348.3932 | 10.0.20348.3932 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.3932 | 10.0.20348.3932 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.1732 | 10.0.25398.1732 |
| microsoft | windows_server_2025 | < 10.0.26100.4652 | 10.0.26100.4652 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.4652 | 10.0.26100.4652 |
| msrc | windows_10_version_1607_for_x64-based_systems | — | — |
CVSS provenance
nvdv3.16.8MEDIUMCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
vendor_msrc6.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Windows Hyper-V Denial of Service Vulnerability
vendor_msrc·2025-07-08·CVSS 6.8
CVE-2025-47999 [MEDIUM] CWE-820 Windows Hyper-V Denial of Service Vulnerability
Windows Hyper-V Denial of Service Vulnerability
Description: Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack.
FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host.
Role: Windows Hyper-V: Role: Windows Hyper-V
Microsoft: Microsoft
Customer Action
GHSA
GHSA-gqvp-4x8m-w6w2: Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network
ghsa_unreviewed·2025-07-08
CVE-2025-47999 [MEDIUM] CWE-820 GHSA-gqvp-4x8m-w6w2: Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network
Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.
No detection rules found.
No public exploits indexed.
Qualys
Microsoft and Adobe Patch Tuesday, July 2025 Security Update Review | Qualys
blogs_qualys·2025-07-08
Microsoft and Adobe Patch Tuesday, July 2025 Security Update Review | Qualys
#### Table of Contents
- Microsoft Patch Tuesday for July 2025
- Adobe Patches for July 2025
- Zero-day Vulnerability Patched in July Patch Tuesday Edition
- Critical Severity Vulnerabilities Patched in July Patch Tuesday Edition
- Other Microsoft Vulnerability Highlights
- Microsoft Release Summary
- Discover and Prioritize Vulnerabilities inVulnerability Management, Detection & Response (VMDR)
- Rapid Response withPatch Management (PM)
- EVALUATE Vendor-Suggested Mitigation with Policy Audit
- Microsoft July 2025 Patch Tuesday Mitigations
- Qualys Monthly Webinar Series
With cybersecurity threats continuing to evolve, Microsoft’s July 2025 Patch Tuesday highlights the need for consistent patching — this month’s release includes key fixes for actively exploited vulnerabilities. Here’s a
Qualys
Microsoft and Adobe Patch Tuesday, July 2025 Security Update Review
blogs_qualys·2025-07-08
Microsoft and Adobe Patch Tuesday, July 2025 Security Update Review
## Table of Contents
Microsoft Patch Tuesday for July 2025
Adobe Patches for July 2025
Zero-day Vulnerability Patched in July Patch Tuesday Edition
Critical Severity Vulnerabilities Patched in July Patch Tuesday Edition
Other Microsoft Vulnerability Highlights
Microsoft Release Summary
Discover and Prioritize Vulnerabilities inVulnerability Management, Detection & Response (VMDR)
Rapid Response withPatch Management (PM)
EVALUATE Vendor-Suggested Mitigation with Policy Audit
Microsoft July 2025 Patch Tuesday Mitigations
Qualys Monthly Webinar Series
With cybersecurity threats continuing to evolve, Microsoft’s July 2025 Patch Tuesday highlights the need for consistent patching — this month’s release includes key fixes for actively exploited vulnerabilities. Here’s a quick breakdo
2025-07-08
Published