PT-2025-28587 · Microsoft · Virtual Hard Disk +1

Sergey Tarasov

Published

2025-03-28

Updated

2025-09-07

CVE-2025-49689

CVSS v3.1

7.8

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

**Name of the Vulnerable Software and Affected Versions:**

Microsoft Windows Virtual Hard Disk (VHDX) (affected versions not specified)

**Description:**

An integer overflow or wraparound condition exists in Virtual Hard Disk (VHDX) that may allow an unauthorized attacker to elevate privileges locally. The issue affects the NTFS file system on Microsoft Windows.

**Recommendations:**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Untrusted Pointer Dereference

Integer Overflow

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-822CWE-190CWE-125

Related Identifiers

BDU:2025-08306

CVE-2025-49689

Affected Products

Virtual Hard Disk

Windows

PT-2025-28587 · Microsoft · Virtual Hard Disk +1

Weakness Enumeration

Related Identifiers

Affected Products

References · 18