CVE-2025-64673
storvsp.sys — elevation of privilege
Summary
| Field | Value |
|---|---|
| Driver | storvsp.sys (Hyper-V Storage Virtual Service Provider) |
| Vulnerability Class | Elevation of Privilege |
| CVSS | 7.8 |
| Exploited ITW | No |
| Patch Date | December 9, 2025 |
Root Cause
A vulnerability in the Storage VSP driver allows a local attacker or Hyper-V guest to escalate privileges. The exact root cause has not been publicly detailed beyond Microsoft's advisory.
Exploitation
The attacker sends crafted storage operations to escalate privileges.
Exploitation Primitive
Crafted storage operation → kernel vulnerability → SYSTEM