Share
## https://sploitus.com/exploit?id=8BD757C5-0542-58AA-8FA6-5B7AABDA5C6A
# CVE-2025-21333



---
you can find the first version of exploit for this CVE at https://github.com/MrAle98/CVE-2025-21333-POC/tree/master . I made this new exploit inspired from the one made by MrAle98.
It is more stable and little sketchy as it doesn't open windows sandbox process for getting the GUID. I used Microsoft Defender Application Gaurd(MDAG) api for getting the 
guid of the sandbox process. 

## NOTE
---
I tried to use IoRing spray as used by MrAle98 but doing `SubmitIoRing` all at once after doing the initial setup for IoRing but it was not working for me , idk why but 
it was getting exception error at `ProbeForWrite` function in the `IopIoRingDispatchRegisterBuffers` function which allocates the chunk. so I shifted to trying pipe 
attribute and then queue entry . I got arbitrary read using pipe attribute but again now queue entry was not working for me to get the arbitrary write so I got the 
idea of using IoRing in a different way in which I do the `SubmitIoRing` and the setup work during the spray which worked, just have to set the thread priority as time critical.

## REF
---
Spraying in PagedPool with min size 0x20 using IoRing mc buffer entry is a really great object , Thanks MrAle98 for it.

you can read his blog here: [blog](medium.com/@ale18109800/cve-2025-21333-windows-heap-based-buffer-overflow-analysis-d1b597ae4bae)

msrc: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21333