Is CVE-2010-1225 in the CISA KEV catalog?

No. CVE-2010-1225 is not currently on the CISA Known Exploited Vulnerabilities list.

What is the CVSS severity of CVE-2010-1225?

CVE-2010-1225 has a CVSS v2 base score of 9.3 (HIGH).

What is the EPSS score for CVE-2010-1225?

CVE-2010-1225 has an EPSS score of 28.16% (98th percentile), estimating the probability of exploitation in the next 30 days.

CVE & CISA-KEV Catalog

CVE-2010-1225

HIGHEPSS 98th pctl

9.3

CVSS v2

NVD

Description

The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."

CWE-264

CVSS v2 Vector

No CVSS vector data available.

Exploit Intelligence

28.16%probability of exploitation in 30 days

98thpercentile

Very high risk: more likely to be exploited than 98% of all known CVEs.

References

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-04-29.