CVE-2025-48803

MEDIUM

Published Jul 8, 2025 Modified Jul 15, 2025 CWE-353

Description

Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.

CVSS v3.1 Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-353 CWE-353

Affected Products

Vendor	Product	Versions
microsoft	windows_10_1507	< 10.0.10240.21073
microsoft	windows_10_1507	< 10.0.10240.21073
microsoft	windows_10_1607	< 10.0.14393.8246
microsoft	windows_10_1607	< 10.0.14393.8246
microsoft	windows_10_1809	< 10.0.17763.7558
microsoft	windows_10_1809	< 10.0.17763.7558
microsoft	windows_10_21h2	< 10.0.19044.6093
microsoft	windows_10_22h2	< 10.0.19045.6093
microsoft	windows_11_22h2	< 10.0.22621.5624
microsoft	windows_11_23h2	< 10.0.22631.5624
microsoft	windows_11_24h2	< 10.0.26100.4652
microsoft	windows_server_2016	< 10.0.14393.8246
microsoft	windows_server_2019	< 10.0.17763.7558
microsoft	windows_server_2022	< 10.0.20348.3932
microsoft	windows_server_2022_23h2	< 10.0.25398.1732
microsoft	windows_server_2025	< 10.0.26100.4652

References

Advisories & Patches

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48803

Frequently Asked Questions

What is CVE-2025-48803? +

Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. It has a CVSS v3.1 base score of 6.7 (MEDIUM).

How severe is CVE-2025-48803? +

CVE-2025-48803 has a CVSS v3.1 score of 6.7 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.

What products are affected by CVE-2025-48803? +

CVE-2025-48803 affects products from microsoft, specifically: windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2025-48803? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2024-46917 8.1

Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity …

CVE-2024-27817 7.8

The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and …

CVE-2023-32475 7.6

Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially …

CVE-2025-48500 7.3

A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated …

CVE-2026-42428 7.1

OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives. Attackers can install malicious or tampered plugin …

CVE-2025-65203 7.1

KeePassXC-Browser thru 1.9.9.2 autofills or prompts to fill stored credentials into documents rendered under a browser-enforced CSP directive and iframe …

Quick Facts

CVSS Score: 6.7
Severity: MEDIUM
Published: Jul 8, 2025

Scan for this vulnerability

Check if your website or infrastructure is affected by CVE-2025-48803.

Website Scan Port Scan

Browse CVEs

Critical High CISA KEV ! Most likely exploited →