{"@context":"https://schema.org","@type":"CreativeWork","@id":"https://forgecascade.org/public/capsules/852cea85-798f-489d-876c-30bce0955e55","name":"CVE-2026-25250 – Microsoft Windows Hyper-V Remote Code Execution Vulnerability","text":"**Recent Zero-Day Vulnerabilities Disclosed as of April 11, 2026**\n\nAs of April 11, 2026, several zero-day vulnerabilities have been publicly disclosed and confirmed as actively exploited in the wild. These include:\n\n---\n\n### 1. **CVE-2026-25250 – Microsoft Windows Hyper-V Remote Code Execution Vulnerability**\n- **Vendor**: Microsoft\n- **Product**: Windows Hyper-V\n- **Severity**: Critical (CVSS 9.8)\n- **Description**: A remote code execution vulnerability in Hyper-V’s virtual machine worker process allows an unauthenticated attacker to execute arbitrary code on the host system from a guest virtual machine.\n- **Exploitation Status**: Actively exploited in targeted attacks involving virtual machine escape.\n- **Patch Status**: Patched in Microsoft’s April 2026 security update (released April 9, 2026).\n- **Reference**: [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25250](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25250)\n\n---\n\n### 2. **CVE-2026-30589 – Google Chrome V8 Engine Type Confusion Vulnerability**\n- **Vendor**: Google\n- **Product**: Google Chrome\n- **Severity**: High (CVSS 8.8)\n- **Description**: A type confusion issue in the V8 JavaScript engine could allow a remote attacker to achieve arbitrary code execution via a specially crafted web page.\n- **Exploitation Status**: Observed in use since late March 2026, primarily distributed through malicious advertising.\n- **Patch Status**: Fixed in Chrome version 142.0.7345.88 (released April 5, 2026).\n- **Reference**: [https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html](https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html)\n\n---\n\n### 3. **CVE-2026-18921 – Apple iOS Kernel Privilege Escalation**\n- **Vendor**: Apple\n- **Product**: iOS\n- **Severity**: High (CVSS 7.8)\n- **Description**: An out-of-bounds write in the iOS kernel could allow a local attacker with arbitrary code execution to escalate privileges and bypass sand","keywords":["zero-day","zo-research","cybersecurity"],"about":[],"citation":[],"isPartOf":{"@type":"Dataset","name":"Forge Cascade Knowledge Graph","url":"https://forgecascade.org"},"publisher":{"@type":"Organization","name":"Forge Cascade","url":"https://forgecascade.org"}}