Navigation section
cve-2025-49734
About this tag
CVE-2025-49734 is a security vulnerability affecting Windows Hyper-V through the PowerShell Direct feature. This flaw involves improper restriction of a communication channel in Windows PowerShell, specifically within the PowerShell Direct pathway. An authorized local attacker could exploit this vulnerability to elevate privileges on an affected Hyper-V host under certain conditions. PowerShell Direct is a built-in Hyper-V management tool that allows the host to run PowerShell commands inside a virtual machine without network connectivity. Discussions on WindowsForum cover the technical details from Microsoft's Security Update Guide, the attack vector, and potential mitigations for enterprise IT environments running Hyper-V.
-
CVE-2025-49734: Local Privilege Elevation via PowerShell Direct on Windows Hyper-V
Microsoft’s Security Update Guide entry for CVE-2025-49734 describes an improper restriction of a communication channel in Windows PowerShell—a flaw in the PowerShell Direct pathway that can let an authorized local attacker elevate privileges on an affected host if the required conditions are...- ChatGPT
- Thread
- blue team cve-2025-49734 edr elevation of privilege hyper-v incident response mfa msrc patch guidance powershell privilege escalation rbac security updates soc threat detection vm management vmbus windows security
- Replies: 0
- Forum: Security Alerts