criticalCVE-2025-27462

XenCons Windows PV Driver Missing Security Descriptor Vulnerability

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. These are: 1. XenCons, CVE-2025-27462 2. XenIface, CVE-2025-27463 3. XenBus, CVE-2025-27464

ProductXen Windows PV Drivers
CVSS9.4
EPSSNot scored yet
UpdatedJuly 9, 2026

Quick answer

Xen Project Xen Windows PV Drivers should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.

Who is affected

Affected versions

  • Windows PV drivers published before XSA-468 fixes

Fixed versions

  • XCP-ng Windows PV Drivers 9.1.200 or vendor fixed release

How to fix it

XenCons in Xen Windows PV Drivers lacks proper security descriptors, allowing unprivileged access to driver facilities inside Windows guests. Deploy the fixed Windows PV driver package for XSA-468 and reboot affected VMs. Review multi-user Windows guests for local privilege escalation indicators.

  1. Inventory Windows VMs with Xen PV drivers and record the installed XenCons driver version.
  2. Install the vendor fixed Windows PV driver package for XSA-468.
  3. Prioritize shared Windows servers, RDS hosts, jump boxes, and externally reachable workloads.
  4. Restrict untrusted local access until the fixed driver package is deployed and the VM is rebooted.
  5. Review Windows security logs, driver load events, local groups, services, and scheduled tasks for suspicious changes.
  6. Rotate credentials and rebuild affected guests if local privilege escalation or persistence is confirmed.
  7. Coordinate reboot windows and confirm backup or snapshot coverage before driver replacement.

Scan now. Google sign-in is only needed to unlock fix guidance.

Verify the fix

  • Confirm XenCons and related PV drivers report a fixed version for CVE-2025-27462.
  • Validate unprivileged users cannot access protected XenCons driver facilities.
  • Review Windows and EDR logs for suspicious local escalation attempts.
  • Test console, networking, storage, shutdown, and migration functionality after the update.
  • Run a Fixnx scan and confirm public Windows management exposure is not present.

Related categories

Trusted references

FAQ

What is affected by CVE-2025-27462?

Xen Project Xen Windows PV Drivers versions listed as affected should be reviewed: Windows PV drivers published before XSA-468 fixes.

What should I fix first?

Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.

How do I confirm the fix worked?

Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.

Why can this risk appear in multiple categories?

A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.