CVE-2025-48807
published 2025-08-12CVE-2025-48807: Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally.
medium6.7CVSS 3.1
AVLACHPRLUIRSUCHIHAH
Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally.
Affected
39 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1607 | < 10.0.14393.8246 | 10.0.14393.8246 |
| microsoft | windows_10_1809 | < 10.0.17763.7558 | 10.0.17763.7558 |
| microsoft | windows_10_21h2 | < 10.0.19044.6093 | 10.0.19044.6093 |
| microsoft | windows_10_22h2 | < 10.0.19045.6093 | 10.0.19045.6093 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.8422 | 10.0.14393.8422 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.7792 | 10.0.17763.7792 |
| microsoft | windows_10_version_21h2 | >= 10.0.19044.0 < 10.0.19044.6332 | 10.0.19044.6332 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.6332 | 10.0.19045.6332 |
| microsoft | windows_11_22h2 | < 10.0.22621.5624 | 10.0.22621.5624 |
| microsoft | windows_11_23h2 | < 10.0.22631.5624 | 10.0.22631.5624 |
| microsoft | windows_11_24h2 | < 10.0.26100.4652 | 10.0.26100.4652 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.5909 | 10.0.22621.5909 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.5909 | 10.0.22631.5909 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.5909 | 10.0.22631.5909 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.6584 | 10.0.26100.6584 |
| microsoft | windows_server_2016 | < 10.0.14393.8246 | 10.0.14393.8246 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.8422 | 10.0.14393.8422 |
| microsoft | windows_server_2019 | < 10.0.17763.7558 | 10.0.17763.7558 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.7792 | 10.0.17763.7792 |
| microsoft | windows_server_2022 | < 10.0.20348.3932 | 10.0.20348.3932 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.4171 | 10.0.20348.4171 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.1732 | 10.0.25398.1732 |
| microsoft | windows_server_2025 | < 10.0.26100.4652 | 10.0.26100.4652 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.6584 | 10.0.26100.6584 |
| msrc | windows_10_version_1607_for_x64-based_systems | — | — |
Microsoft
Windows Hyper-V Remote Code Execution Vulnerability
vendor_msrc·2025-08-12·CVSS 6.7
CVE-2025-48807 [MEDIUM] CWE-923 Windows Hyper-V Remote Code Execution Vulnerability
Windows Hyper-V Remote Code Execution Vulnerability
Description: Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
A race condition is triggered when the admin begins administering from the host system and not a guest or nested guest.
FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.
The vulnerable endpoi
GHSA
GHSA-mf72-879w-mmhr: Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally
ghsa_unreviewed·2025-08-12
CVE-2025-48807 [HIGH] CWE-923 GHSA-mf72-879w-mmhr: Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally
Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally.
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Microsoft August 2025 Patch Tuesday fixes one zero-day, 107 flaws
blogs_bleepingcomputer·2025-08-12·CVSS 7.2
[HIGH] Microsoft August 2025 Patch Tuesday fixes one zero-day, 107 flaws
## Microsoft August 2025 Patch Tuesday fixes one zero-day, 107 flaws
## Lawrence Abrams
44 Elevation of Privilege Vulnerabilities
35 Remote Code Execution Vulnerabilities
18 Information Disclosure Vulnerabilities
4 Denial of Service Vulnerabilities
9 Spoofing Vulnerabilities
When BleepingComputer reports on the Patch Tuesday security updates, we only count those released on Patch Tuesday. Therefore, the number of flaws does not include Mariner, Azure, and Microsoft Edge bugs fixed earlier this month.
To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5063878 & KB5063875 cumulative updates and the Windows 10 KB5063709 cumulative update .
## One publicly disclosed zero-day fixed
This month's Patch Tuesday fixes one
Qualys
Microsoft and Adobe Patch Tuesday, August 2025 Security Update Review | Qualys
blogs_qualys·2025-08-12
Microsoft and Adobe Patch Tuesday, August 2025 Security Update Review | Qualys
#### Table of Contents
- Microsoft Patch Tuesday for August 2025
- Adobe Patches for August 2025
- Zero-day Vulnerability Patched in August Patch Tuesday Edition
- Critical Severity Vulnerabilities Patched in August Patch Tuesday Edition
- Other Microsoft Vulnerability Highlights
- Microsoft Release Summary
- Discover and Prioritize Vulnerabilities inVulnerability Management, Detection & Response (VMDR)
- Rapid Response withPatch Management (PM)
- Microsoft July 2025 Patch Tuesday Mitigations
- Qualys Monthly Webinar Series
It’s the second Tuesday of August, and Microsoft has rolled out its latest security updates. Microsoft’s August 2025 Patch Tuesday has arrived, bringing a fresh wave of security fixes to help organizations stay ahead of evolving threats. Here’s a quick breakdown of wh
Talos
Microsoft Patch Tuesday for August 2025 — Snort rules and prominent vulnerabilities
blogs_talos·2025-08-12·CVSS 7.8
[HIGH] Microsoft Patch Tuesday for August 2025 — Snort rules and prominent vulnerabilities
## Microsoft Patch Tuesday for August 2025 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for August 2025, which includes 111 vulnerabilities affecting a range of products, including 13 that Microsoft marked as “critical”.
In this month's release, Microsoft observed none of the included vulnerabilities being actively exploited in the wild. Out of 13 "critical" entries, 9 are remote code execution (RCE) vulnerabilities in Microsoft Windows services and applications including the Windows kernel, Microsoft Message Queuing (MSMQ), Windows Hyper-V, Microsoft Office and GDI+.
CVE-2025-50176 is an RCE vulnerability in DirectX Graphics Kernel given a CVSS 3.1 score of 7.8, where access of resource using incompatible type ('type confusion') in Grap
Talos
Microsoft Patch Tuesday for August 2025 — Snort rules and prominent vulnerabilities
blogs_talos·2025-08-12·CVSS 7.8
[HIGH] Microsoft Patch Tuesday for August 2025 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for August 2025, which includes 111 vulnerabilities affecting a range of products, including 13 that Microsoft marked as “critical”.
In this month's release, Microsoft observed none of the included vulnerabilities being actively exploited in the wild. Out of 13 "critical" entries, 9 are remote code execution (RCE) vulnerabilities in Microsoft Windows services and applications including the Windows kernel, Microsoft Message Queuing (MSMQ), Windows Hyper-V, Microsoft Office and GDI+.
CVE-2025-50176 is an RCE vulnerability in DirectX Graphics Kernel given a CVSS 3.1 score of 7.8, where access of resource using incompatible type ('type confusion') in Graphics Kernel allows an authorized attacker to execute code locally. Microsoft has noted t
Qualys
Microsoft and Adobe Patch Tuesday, August 2025 Security Update Review
blogs_qualys·2025-08-12
Microsoft and Adobe Patch Tuesday, August 2025 Security Update Review
## Table of Contents
Microsoft Patch Tuesday for August 2025
Adobe Patches for August 2025
Zero-day Vulnerability Patched in August Patch Tuesday Edition
Critical Severity Vulnerabilities Patched in August Patch Tuesday Edition
Other Microsoft Vulnerability Highlights
Microsoft Release Summary
Discover and Prioritize Vulnerabilities inVulnerability Management, Detection & Response (VMDR)
Rapid Response withPatch Management (PM)
Microsoft July 2025 Patch Tuesday Mitigations
Qualys Monthly Webinar Series
It’s the second Tuesday of August, and Microsoft has rolled out its latest security updates. Microsoft’s August 2025 Patch Tuesday has arrived, bringing a fresh wave of security fixes to help organizations stay ahead of evolving threats. Here’s a quick breakdown of what you need t
Crowdstrike
August 2025 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] August 2025 Patch Tuesday: Updates and Analysis
How CrowdStrike is Accelerating Exposure Evaluation as Adversaries Gain Speed Apr 06, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How CrowdStrike is Accelerating Exposure Evaluation as Adversaries Gain Speed Apr 06, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand AT
2025-08-12
Published