CVE-2025-21333
May 5, 2026 ยท View on GitHub
you can find the first version of exploit for this CVE at https://github.com/MrAle98/CVE-2025-21333-POC/tree/master . I made this new exploit inspired from the one made by MrAle98. It is more stable and little sketchy as it doesn't open windows sandbox process for getting the GUID. I used Microsoft Defender Application Gaurd(MDAG) api for getting the guid of the sandbox process.
NOTE
I tried to use IoRing spray as used by MrAle98 but doing SubmitIoRing all at once after doing the initial setup for IoRing but it was not working for me , idk why but
it was getting exception error at ProbeForWrite function in the IopIoRingDispatchRegisterBuffers function which allocates the chunk. so I shifted to trying pipe
attribute and then queue entry . I got arbitrary read using pipe attribute but again now queue entry was not working for me to get the arbitrary write so I got the
idea of using IoRing in a different way in which I do the SubmitIoRing and the setup work during the spray which worked, just have to set the thread priority as time critical.
REF
Spraying in PagedPool with min size 0x20 using IoRing mc buffer entry is a really great object , Thanks MrAle98 for it.
you can read his blog here: blog
msrc: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21333