AI description
CVE-2025-21418 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock (AFD.sys). This driver interacts with the Windows Sockets API, which applications use for internet communication. Successful exploitation allows an authenticated user with local access to escalate their privileges to SYSTEM level. The vulnerability affects all supported versions of Windows desktop and server operating systems. It has been actively exploited in the wild; the attack has low complexity and requires no user interaction. Similar vulnerabilities in the same Windows component have been exploited previously.
- Description: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- Source: secure@microsoft.com
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 7.8
- Impact score: 5.9
- Exploitability score: 1.8
- Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
Data from CISA
- Vulnerability name: Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability
- Exploit added on: Feb 11, 2025
- Exploit action due: Mar 4, 2025
- Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com: CWE-122
- nvd@nist.gov: NVD-CWE-noinfo
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 1
Actively exploited CVE : CVE-2025-21418
@transilienceai
22 Feb 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-21418
@transilienceai
21 Feb 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#CVE-2025-21418 2025-Feb Windows Ancillary Function Driver for WinSock 7.8 EoP Heap-based Buffer Overflow This time in AfdAccept... 🧐https://t.co/vhu2jbQk6h Side by side: https://t.co/Rm3j9YfdAW 📷 https://t.co/utNES7cBdO
@clearbluejar
20 Feb 2025
3962 Impressions
22 Retweets
51 Likes
21 Bookmarks
2 Replies
0 Quotes
Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391) https://t.co/H5RQzcg85o https://t.co/Gy0VUQ4NoV
@NickBla41002745
19 Feb 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-21418 is very similar to CVE-2024-38193. The vulnerability is a UAF in afd.sys. CVE-2024-38193: afdcreate->afdbind->afdlisten. CVE-2025-21418: afdcreate->afdbind->afdaccept.
@ln_work94293
18 Feb 2025
27 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-21418
@transilienceai
18 Feb 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391) https://t.co/0cIkbN7TPr https://t.co/iC7iTT1GeS
@IT_Peurico
17 Feb 2025
25 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
#DOYOUKNOWCVE CISA ALERT (Feb 10-14): 7 critical vulnerabilities actively exploited & added to CISA KEV! CVE-2025-24200 (iOS/iPadOS) – Physical attackers can disable USB Restricted Mode. CVE-2025-21418 (Windows WinSock) – Heap overflow → SYSTEM-level privilege escalation.
@Loginsoft_Inc
17 Feb 2025
60 Impressions
2 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-21418
@transilienceai
17 Feb 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-21418
@transilienceai
16 Feb 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Security Updates: Microsoft released its Patch Tuesday updates, addressing 63 flaws, including two vulnerabilities (CVE-2025-21391, CVE-2025-21418) that were already under active exploitation. The U.S. CISA has mandated federal agencies to apply these patches by March 4, 2025.… h
@NgChinSiang2
14 Feb 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391) https://t.co/p7N2YOFnYu https://t.co/AhIHuuFppH
@ggrubamn
14 Feb 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-21418
@transilienceai
14 Feb 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391) https://t.co/TsugpLlMGG https://t.co/AmQVS20RbT
@NickBla41002745
13 Feb 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391) https://t.co/6j5gFxWn5G https://t.co/nAXrFsXoOh
@TechMash365
13 Feb 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The recent in-the-wild 0-day in afd.sys (CVE-2025-21418) is in RIO again. It's the 4th vulnerability in the RIO part of afd.sys and the second in-the-wild 0-day in afd.sys. RIO was introduced in Windows 8.
@NikitaTarakanov
12 Feb 2025
2460 Impressions
5 Retweets
40 Likes
20 Bookmarks
0 Replies
0 Quotes
🚨 Microsoft has released patches for 63 flaws, including 2 actively exploited vulnerabilities. CVE-2025-21391 allows attackers to delete crucial files, while CVE-2025-21418 enables SYSTEM privilege escalation on Windows. https://t.co/pTwr7EXEgF
@achi_tech
12 Feb 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s February 2025 Security Update fixes 57 flaws, including 4 zero-days (2 actively exploited)! 🔹 CVE-2025-21391 – Windows Storage privilege escalation 🔹 CVE-2025-21418 – WinSock flaw granting SYSTEM privileges Publicly disclosed: NTLM hash leak & PixieFail bypass
@dCypherIO
12 Feb 2025
85 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Patch Tuesday - February 2025: CVE-2025-21391 & CVE-2025-21418 are elevation of privilege vulnerabilities in Windows Storage & the AFD for WinSock. Exploitation has been observed in the wild. Patching is highly recommended. #Threa... https://t.co/4PgILHvTGm
@RedLegg
12 Feb 2025
20 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391) https://t.co/6sHS1PXY1i https://t.co/1D5w4PrS8p
@pcasano
12 Feb 2025
35 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Microsoft has released patches for 63 flaws, including 2 actively exploited vulnerabilities. CVE-2025-21391 allows attackers to delete crucial files, while CVE-2025-21418 enables SYSTEM privilege escalation on Windows https://t.co/GbiQxl43FK
@TechProgramm
12 Feb 2025
54 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Yesterday's Windows update (February) fixes 55 security issues, 2 of which are being used by hackers right now. Two vulnerabilities: CVE-2025-21418, which is a privilege escalation bug in the Windows Ancillary Function Driver for WinSock, and CVE-2025-21391, a similar one in Windows Storage. https://t.co/o0
@Geek_Alerts
12 Feb 2025
4774 Impressions
4 Retweets
53 Likes
6 Bookmarks
0 Replies
0 Quotes
🚨 Microsoft has released patches for 63 flaws, including 2 actively exploited vulnerabilities. CVE-2025-21391 allows attackers to delete crucial files, while CVE-2025-21418 enables SYSTEM privilege escalation on Windows. 🔧 Apply the latest update now. Read more:… https://t.co
@TheHackersNews
12 Feb 2025
41714 Impressions
57 Retweets
149 Likes
19 Bookmarks
4 Replies
1 Quote
Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391) https://t.co/QF2KkyNIyj https://t.co/sZab1RFMh6
@secured_cyber
11 Feb 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391) https://t.co/EUx1tlu5RP https://t.co/vYajV6LXNs
@Trej0Jass
11 Feb 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391) https://t.co/Ln39PfYuLA https://t.co/521vaz2zmA
@Trej0Jass
11 Feb 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Patch Tuesday: February 2025 🚨 Microsoft patches 56 vulnerabilities, including 2 zero-days (CVE-2025-21418, CVE-2025-21391). Here's a full breakdown: https://t.co/6EPl6dXvBz Other critical updates include: Windows: 56 vulnerabilities, two zero-days (CVE-2025-21418 and… h
@Action1corp
11 Feb 2025
62 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-21418 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability https://t.co/EqRfsV2IVl
@CVEnew
11 Feb 2025
152 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "CFBEF986-E905-4BB5-B385-235915023D89",
            "versionEndExcluding": "10.0.10240.20915"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "1BFC22FD-A703-4D65-9126-955BB9540340",
            "versionEndExcluding": "10.0.10240.20915"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "B5BC47F5-150E-4D18-8CC4-356F22171D81",
            "versionEndExcluding": "10.0.17763.6893"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "E448ECB4-CE46-4A29-A092-5A4D334E5535",
            "versionEndExcluding": "10.0.17763.6893"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A932CBA3-651F-4BBA-968A-2D6CA7DF8506",
            "versionEndExcluding": "10.0.19044.5487"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "810C8ECB-619F-447C-B352-E66F7EF5216E",
            "versionEndExcluding": "10.0.19045.5487"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30AF7170-5722-4C9C-A8AD-7A9F0C5952EE",
            "versionEndExcluding": "10.0.22621.4890"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62FFD367-FB8B-48CA-813F-760E4F393555",
            "versionEndExcluding": "10.0.22631.4890"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9C5B9BC-F08B-49F8-82D3-7CC6BDB68995",
            "versionEndExcluding": "10.0.26100.3194"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "273EE4B9-8B53-4387-98C8-EC5D2558DB82",
            "versionEndExcluding": "10.0.17763.6893"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1711CDE0-4C93-40D3-91B7-DE507143A45F",
            "versionEndExcluding": "10.0.20348.3207"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3106289-A3E3-4508-B118-17BD2488D681",
            "versionEndExcluding": "10.0.25398.1425"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "C5C38103-E0F4-4302-98CE-BD8B20460004",
            "versionEndExcluding": "10.0.26100.3194"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]