CVE-2025-47973

7.8 HIGH

📋 TL;DR

A buffer over-read in the Windows Virtual Hard Disk (VHDX) handling code lets a local attacker who already has an account on the host read memory beyond the bounds of an allocated buffer when a crafted VHDX file is parsed. Because VHDX images are parsed in kernel mode, the leaked data can be used toward elevation of privilege. Any Windows system that mounts or processes VHDX files is affected, whether or not the Hyper-V role is installed.

💻 Affected Systems

Products:
  • Microsoft Windows
  • Hyper-V
  • Azure Stack HCI
Versions: Specific versions to be confirmed via Microsoft advisory
Operating Systems: Windows 10, Windows 11, Windows Server 2016/2019/2022
Default Config Vulnerable: ⚠️ Yes
Notes: Systems using VHDX virtual disks are affected. Exact version ranges should be verified via Microsoft's advisory.

📦 What is this software?

VHDX is Microsoft's virtual hard disk image format, the successor to VHD. It is the disk format used by Hyper-V and Azure Stack HCI, but it is also handled by Windows itself: any Windows installation can mount a VHDX through File Explorer, Disk Management, diskpart or PowerShell, with no Hyper-V role required. The image is parsed by a kernel-mode driver, which is why a memory-safety bug in that parser is an elevation-of-privilege issue rather than an application crash.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the host: the attacker goes from an ordinary user account to SYSTEM, which is enough to install malware, dump credentials from memory, tamper with the virtual disks of every VM on a Hyper-V host, or pivot to other systems.

🟠

Likely Case

Local privilege escalation allowing attackers to gain administrative privileges on compromised systems.

🟢

If Mitigated

Limited impact where untrusted users cannot log on to the host, VHDX files only come from trusted sources, and privilege escalation is monitored; the defect itself remains until the update is applied.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to exploit.
🏢 Internal Only: HIGH - Attackers with initial access to a system can use this to escalate privileges and move laterally within the network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires the ability to run code on the host as a local user and to get a crafted VHDX file parsed by Windows; turning a kernel over-read into a reliable elevation normally also needs knowledge of the target's memory layout. No public exploit code is available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: To be determined via Microsoft's monthly security updates

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47973

Restart Required: Yes

Instructions:

1. Check Microsoft's security advisory (link above) for the update that applies to your build.
2. Apply the latest Windows security updates via Windows Update, WSUS, or your patch management tool.
3. Restart the system; the update is not effective until the reboot completes.

🔧 Temporary Workarounds

Restrict VHDX file access

windows

Limit access to existing VHDX files (and the directories Hyper-V stores them in) to Administrators and SYSTEM. Understand what this does and does not buy you: the bug is triggered by parsing a crafted VHDX, so file ACLs do not stop a local user who brings their own image; they only reduce exposure through shared or tampered images. Back up the current ACLs before running the command, run it in every directory that holds VHDX files (the pattern below does not recurse), and re-grant any account that legitimately needs the file: /inheritance:r strips inherited permissions and /grant:r replaces the explicit ones, so on a Hyper-V host the per-VM virtual machine accounts lose access to their disks until they are added back.

icacls *.vhdx /inheritance:r /grant:r "Administrators:(F)" /grant:r "SYSTEM:(F)"
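The same lockdown as the icacls line above, but recursive and reversible, as an added PowerShell example written for this page (it is not from the Microsoft advisory). Root paths, the backup directory and any extra principals passed in -AlsoAllow are assumptions for illustration; on a Hyper-V host you would pass the VM accounts that own the disks.

```powershell
# Added example (not from the Microsoft advisory or this page): restrict every .vhd/.vhdx
# under the given roots to Administrators and SYSTEM, the same effect as the icacls command
# above but recursive, with a per-file backup of the original DACL so it can be undone.
# Root paths, the backup location and any extra principals are assumptions for illustration.
[CmdletBinding()]
param(
    [Parameter(Mandatory)][string[]]$Root,                          # e.g. 'D:\Hyper-V', 'C:\Users\Public\VHDs'
    [string]$BackupDir = (Join-Path $env:ProgramData 'vhdx-acl-backup'),
    [string[]]$AlsoAllow = @(),                                     # principals that must keep access, e.g. a VM's 'NT VIRTUAL MACHINE\{guid}' account
    [switch]$Restore                                                # put the saved DACLs back instead of restricting
)

$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Force -Path $BackupDir | Out-Null

function Get-BackupPath([string]$File) {
    # One backup per image, named after its full path so files from different roots cannot collide.
    Join-Path $BackupDir (($File -replace '[\\/:]', '_') + '.sddl')
}

$images = foreach ($r in $Root) {
    Get-ChildItem -Path $r -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.vhd', '.vhdx' }
}

foreach ($img in $images) {
    $file   = $img.FullName
    $backup = Get-BackupPath $file
    $acl    = Get-Acl -LiteralPath $file

    if ($Restore) {
        if (-not (Test-Path -LiteralPath $backup)) { Write-Warning "No backup for $file"; continue }
        # Restore only the DACL section of the saved descriptor; owner and group are left alone.
        $sddl = (Get-Content -LiteralPath $backup -Raw).Trim()
        $acl.SetSecurityDescriptorSddlForm($sddl, [System.Security.AccessControl.AccessControlSections]::Access)
        Set-Acl -LiteralPath $file -AclObject $acl
        Write-Output "Restored:   $file"
        continue
    }

    if (-not (Test-Path -LiteralPath $backup)) {
        Set-Content -LiteralPath $backup -Value $acl.Sddl           # never overwrite an earlier backup
    }

    # Same steps as icacls /inheritance:r followed by /grant:r: stop inheriting and drop the
    # inherited ACEs, remove the explicit ACEs, then grant full control to exactly our principals.
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($rule in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        [void]$acl.RemoveAccessRule($rule)
    }
    foreach ($who in (@('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM') + $AlsoAllow)) {
        $acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new($who, 'FullControl', 'Allow'))
    }
    Set-Acl -LiteralPath $file -AclObject $acl
    Write-Output "Restricted: $file"
}
```

Run it elevated, first with a test root to confirm the backup files appear, then with -Restore on the same root to confirm the original DACLs come back before touching production disks. Hyper-V grants each VM's own virtual machine account access to its VHDX; a running VM whose account is stripped loses its disk, so pass those accounts in -AlsoAllow or stop the VMs first.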

Disable unnecessary VHDX mounting

windows

Do not open or mount VHDX files from untrusted sources: double-clicking a VHDX in File Explorer mounts it through the same Windows code path Hyper-V uses, so an e-mailed or downloaded image is a delivery vector for the crafted file. Where possible, keep non-administrative interactive logons off hosts that store virtual disks. This is an operational control rather than a configuration change.

🧯 If You Can't Patch

  • Implement strict access controls on VHDX files and virtual disk operations
  • Monitor for suspicious privilege escalation attempts and VHDX file access patterns

🔍 How to Verify

Check if Vulnerable:

Compare the OS build (including the update revision) against the versions listed in Microsoft's advisory. The VHDX driver ships with every supported Windows edition, so a host is exposed whether or not the Hyper-V role is installed; treat any unpatched build as vulnerable.

Check Version (wmic is deprecated and may be absent on current Windows 11 builds; winver or Settings > System > About shows the same build and revision):

wmic os get caption,version,buildnumber

Verify Fix Applied:

Confirm that the KB named in the advisory appears in the update history (Settings > Windows Update > Update history) and that the OS build, including the revision number after the last dot, is at or above the fixed build the advisory lists; an update that is downloaded but not yet rebooted does not count.
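A script that performs both checks in one pass, added here as an example (it is not from the advisory or this page). The KB identifiers and the fixed build number are not on this page, so the script takes them as parameters rather than hard-coding them; that vhdmp.sys is the kernel driver parsing VHD/VHDX images is a fact about Windows, but that the fix for this CVE lands in that file is an assumption to confirm against the advisory's file list.

```powershell
# Added example (not from the Microsoft advisory or this page): report the OS build down to
# the UBR revision, the version of the VHD/VHDX kernel driver, and whether the advisory's
# KB is installed. Pass the KB IDs and fixed build exactly as listed on the MSRC page.
param(
    [string[]]$KB = @(),        # KB IDs from the MSRC entry for this CVE (none are given on this page)
    [version]$FixedBuild        # full fixed build from the MSRC entry, e.g. major.minor.build.revision
)

function Get-WindowsBuild {
    # CurrentBuildNumber is the build, UBR the revision that each cumulative update raises;
    # together they pin the patch level more precisely than wmic or winver show.
    $cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = '{0}.{1}.{2}.{3}' -f $cv.CurrentMajorVersionNumber, $cv.CurrentMinorVersionNumber, $cv.CurrentBuildNumber, $cv.UBR
    [pscustomobject]@{
        Caption = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
        Build   = [version]$build
    }
}

function Get-VhdDriverInfo {
    # vhdmp.sys parses VHD/VHDX images in kernel mode. Assumption: the fix for this CVE
    # changes this file; verify against the advisory before relying on its version.
    $path    = Join-Path $env:SystemRoot 'System32\drivers\vhdmp.sys'
    $svc     = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='vhdmp'"
    $version = 'missing'
    if (Test-Path -LiteralPath $path) { $version = (Get-Item -LiteralPath $path).VersionInfo.FileVersion }
    $state = 'not registered'
    if ($svc) { $state = $svc.State }
    [pscustomobject]@{ Path = $path; FileVersion = $version; State = $state }
}

function Test-FixApplied {
    param([string[]]$KB, [version]$FixedBuild, [version]$CurrentBuild)
    # Report both signals: a KB can be listed by Get-HotFix yet superseded, and a build
    # number can be raised by a later cumulative update that also carries the fix.
    $installed = @(Get-HotFix | Where-Object { $_.HotFixID -in $KB } | Select-Object -ExpandProperty HotFixID)
    $kbOk = $null
    if ($KB) { $kbOk = $installed.Count -gt 0 }
    $buildOk = $null
    if ($FixedBuild) { $buildOk = $CurrentBuild -ge $FixedBuild }
    [pscustomobject]@{ KbInstalled = $kbOk; KbFound = ($installed -join ', '); BuildAtOrAbove = $buildOk }
}

$os  = Get-WindowsBuild
$drv = Get-VhdDriverInfo
$fix = Test-FixApplied -KB $KB -FixedBuild $FixedBuild -CurrentBuild $os.Build

"OS:        {0} (build {1})" -f $os.Caption, $os.Build
"vhdmp.sys: {0}, service {1}" -f $drv.FileVersion, $drv.State
if ($null -eq $fix.KbInstalled)    { "KB:        no KB given" }
elseif ($fix.KbInstalled)          { "KB:        installed ($($fix.KbFound))" }
else                               { "KB:        NOT installed" }
if ($null -eq $fix.BuildAtOrAbove) { "Build:     no fixed build given" }
elseif ($fix.BuildAtOrAbove)       { "Build:     at or above fixed build" }
else                               { "Build:     BELOW fixed build, still vulnerable" }
```

Run it as administrator so Win32_SystemDriver and the driver file are readable. Recording the vhdmp.sys file version before and after patching gives you a direct artifact to compare across a fleet even where update history has been cleaned up.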

📡 Detection & Monitoring

Log Indicators:

  • Mounting of VHDX files by accounts or from locations that do not normally handle virtual disks (user profiles, Downloads, temp directories)
  • A standard-user session that starts running processes as SYSTEM or at high integrity shortly after a VHDX mount
  • Crashes or bug checks involving the virtual disk driver, which can indicate a failed exploitation attempt

Network Indicators:

  • Lateral movement following local privilege escalation

SIEM Query:

EventID=4688 AND (CommandLine LIKE '%.vhdx%' OR CommandLine LIKE '%.vhd%' OR CommandLine LIKE '%Mount-DiskImage%' OR CommandLine LIKE '%Mount-VHD%') AND (NewProcessName LIKE '%powershell%' OR NewProcessName LIKE '%cmd%' OR NewProcessName LIKE '%diskpart%')

Note: 4688 populates CommandLine only when "Include command line in process creation events" is enabled in audit policy, and a mount started from File Explorer does not spawn a process that names the file, so pair this query with host-side checks of the virtual disk driver's own event channel.
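The host-side version of that hunt, added as an example for this page (not from the original page or from Microsoft): it applies the same command-line matching to 4688 events by reading EventData fields by name, and then reads the VHD/VHDX driver's operational channel, which records attaches regardless of which process started them. The expected-user list is an assumption to tune per host; the channel is found by wildcard because its exact name and event IDs should be confirmed on your build with Get-WinEvent -ListLog '*VHDMP*'.

```powershell
# Added example (not from the page): hunt for VHD/VHDX mount activity on a host, from the
# Security log (4688 process creation) and from the VHDMP operational channel where it exists.
# Assumptions: 4688 only carries CommandLine when "Include command line in process creation
# events" is enabled; the VHDMP channel is located by wildcard because its exact name and
# event IDs should be confirmed on your build.
param(
    [int]$Hours = 24,
    # accounts that may mount images without a finding; SYSTEM shows up in 4688 as the machine account
    [string[]]$ExpectedUsers = @(($env:COMPUTERNAME + '$'), 'SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE')
)
$since   = (Get-Date).AddHours(-$Hours)
$pattern = '(?i)\.vhdx?\b|Mount-DiskImage|Mount-VHD|attach\s+vdisk'   # file references plus the usual mount verbs

function Get-EventField([xml]$Xml, [string]$Name) {
    # Read a named EventData field instead of a Properties[] index, which differs across builds.
    ($Xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

function Find-VhdMountActivity {
    $findings = @()
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = $since } -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        $x   = [xml]$e.ToXml()
        $cmd = Get-EventField $x 'CommandLine'
        if (-not $cmd -or $cmd -notmatch $pattern) { continue }
        $user = Get-EventField $x 'SubjectUserName'
        $findings += [pscustomobject]@{
            Time       = $e.TimeCreated
            User       = $user
            Parent     = Get-EventField $x 'ParentProcessName'
            Process    = Get-EventField $x 'NewProcessName'
            Command    = $cmd
            Unexpected = $user -notin $ExpectedUsers
        }
    }
    $findings
}

function Find-VhdAttachEvents {
    # The driver's own channel records surface/attach and detach of images even when the
    # mount came from Explorer and no 4688 event names the file.
    $log = Get-WinEvent -ListLog '*VHDMP*' -ErrorAction SilentlyContinue | Select-Object -First 1
    if (-not $log) { return @() }
    Get-WinEvent -FilterHashtable @{ LogName = $log.LogName; StartTime = $since } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } }
}

"--- 4688 process creations referencing VHD/VHDX (last $Hours h) ---"
Find-VhdMountActivity | Sort-Object Time | Format-Table -AutoSize
"--- VHDMP operational events (last $Hours h) ---"
Find-VhdAttachEvents | Format-Table -AutoSize
```

Run it elevated (the Security log is not readable otherwise). Rows with Unexpected set to True, or attach events in the driver channel with no matching 4688 row, are the ones to triage: an image mounted by an ordinary user from their own profile is exactly the precondition this vulnerability needs.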

🔗 References
