CVE-2025-21418

Published Feb 11, 2025

Last updated 5 months ago

Exploit knownCVSS high 7.8

Overview

Description
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Source
secure@microsoft.com
NVD status
Modified
Products
windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability
Exploit added on
Feb 11, 2025
Exploit action due
Mar 4, 2025
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

secure@microsoft.com
CWE-122
nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending

  1. Actively exploited CVE : CVE-2025-21418

    @transilienceai

    8 Mar 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. Actively exploited CVE : CVE-2025-21418

    @transilienceai

    3 Mar 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. 🚨 #CVE-2025-21418: Critical #Windows AFDsys Vulnerability https://t.co/TsPmnzOg7d

    @UndercodeUpdate

    26 Feb 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391) https://t.co/hIoJA1skXr https://t.co/FgA4vctgTu

    @dansantanna

    26 Feb 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Actively exploited CVE : CVE-2025-21418

    @transilienceai

    25 Feb 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. In February 2025, Microsoft addressed 56 vulnerabilities, including two in active exploitation. Key issues include CVE-2025-21418, a critical buffer overflow, and CVE-2025-21391, allowing file deletion without user interaction. Patches are vital for system security.

    @NyraKraal

    23 Feb 2025

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Actively exploited CVE : CVE-2025-21418

    @transilienceai

    23 Feb 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. Actively exploited CVE : CVE-2025-21418

    @transilienceai

    22 Feb 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Actively exploited CVE : CVE-2025-21418

    @transilienceai

    21 Feb 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. #CVE-2025-21418 2025-Feb Windows Ancillary Function Driver for WinSock 7.8 EoP Heap-based Buffer Overflow This time in AfdAccept... 🧐https://t.co/vhu2jbQk6h Side by side: https://t.co/Rm3j9YfdAW 📷 https://t.co/utNES7cBdO

    @clearbluejar

    20 Feb 2025

    3962 Impressions

    22 Retweets

    51 Likes

    21 Bookmarks

    2 Replies

    0 Quotes

  11. Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391) https://t.co/H5RQzcg85o https://t.co/Gy0VUQ4NoV

    @NickBla41002745

    19 Feb 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. CVE-2025-21418 is very similar with CVE-2024-38193. The vulnerability is UAF in afd.sys. CVE-2024-38193 afdcreate->afdbind->afdlisten CVE-2025-21418 afdcreate->afdbind->afdaccept

    @ln_work94293

    18 Feb 2025

    27 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Actively exploited CVE : CVE-2025-21418

    @transilienceai

    18 Feb 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  14. Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391) https://t.co/0cIkbN7TPr https://t.co/iC7iTT1GeS

    @IT_Peurico

    17 Feb 2025

    25 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  15. #DOYOUKNOWCVE CISA ALERT (Feb 10-14): 7 critical vulnerabilities actively exploited & added to CISA KEV! CVE-2025-24200 (iOS/iPadOS) – Physical attackers can disable USB Restricted Mode. CVE-2025-21418 (Windows WinSock) – Heap overflow → SYSTEM-level privilege escalation.

    @Loginsoft_Inc

    17 Feb 2025

    60 Impressions

    2 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Actively exploited CVE : CVE-2025-21418

    @transilienceai

    17 Feb 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  17. Actively exploited CVE : CVE-2025-21418

    @transilienceai

    16 Feb 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  18. Security Updates: Microsoft released its Patch Tuesday updates, addressing 63 flaws, including two vulnerabilities (CVE-2025-21391, CVE-2025-21418) that were already under active exploitation. The U.S. CISA has mandated federal agencies to apply these patches by March 4, 2025.… h

    @NgChinSiang2

    14 Feb 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391) https://t.co/p7N2YOFnYu https://t.co/AhIHuuFppH

    @ggrubamn

    14 Feb 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Actively exploited CVE : CVE-2025-21418

    @transilienceai

    14 Feb 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  21. Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391) https://t.co/TsugpLlMGG https://t.co/AmQVS20RbT

    @NickBla41002745

    13 Feb 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391) https://t.co/6j5gFxWn5G https://t.co/nAXrFsXoOh

    @TechMash365

    13 Feb 2025

    59 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. The recent in-the-wild 0-day in afd.sys (CVE-2025-21418) is in RIO again. Its 4th vulnerability in RIO part of afd.sys and the second in-the-wild 0-day in afd.sys. RIO was introduced in Windows 8.

    @NikitaTarakanov

    12 Feb 2025

    2460 Impressions

    5 Retweets

    40 Likes

    20 Bookmarks

    0 Replies

    0 Quotes

  24. 🚨 Microsoft has released patches for 63 flaws, including 2 actively exploited vulnerabilities. CVE-2025-21391 allows attackers to delete crucial files, while CVE-2025-21418 enables SYSTEM privilege escalation on Windows. https://t.co/pTwr7EXEgF

    @achi_tech

    12 Feb 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Microsoft’s February 2025 Security Update fixes 57 flaws, including 4 zero-days (2 actively exploited)! 🔹 CVE-2025-21391 – Windows Storage privilege escalation 🔹 CVE-2025-21418 – WinSock flaw granting SYSTEM privileges Publicly disclosed: NTLM hash leak & PixieFail bypass

    @dCypherIO

    12 Feb 2025

    85 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Patch Tuesday - February 2025: CVE-2025-21391 & CVE-2025-21418 are elevation of privilege vulnerabilities in Windows Storage & the AFD for WinSock. Exploitation has been observed in the wild. Patching is highly recommended. #Threa... https://t.co/4PgILHvTGm

    @RedLegg

    12 Feb 2025

    20 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391) https://t.co/6sHS1PXY1i https://t.co/1D5w4PrS8p

    @pcasano

    12 Feb 2025

    35 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  28. Microsoft has released patches for 63 flaws, including 2 actively exploited vulnerabilities. CVE-2025-21391 allows attackers to delete crucial files, while CVE-2025-21418 enables SYSTEM privilege escalation on Windows https://t.co/GbiQxl43FK

    @TechProgramm

    12 Feb 2025

    54 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  29. آپدیت دیروز ویندوز (فوریه) ۵۵ مشکل امنیتی رو رفع میکنه که ۲ تاشون همین الان توسط هکرها استفاده میشن. دو تا آسیب‌پذیری: CVE-2025-21418 که یه باگ افزایش سطح دسترسی توی Windows Ancillary Function Driver for WinSock هست و CVE-2025-21391 مورد مشابه توی Windows Storage. https://t.co/o0

    @Geek_Alerts

    12 Feb 2025

    4774 Impressions

    4 Retweets

    53 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  30. 🚨 Microsoft has released patches for 63 flaws, including 2 actively exploited vulnerabilities. CVE-2025-21391 allows attackers to delete crucial files, while CVE-2025-21418 enables SYSTEM privilege escalation on Windows. 🔧 Apply the latest update now. Read more:… https://t.co

    @TheHackersNews

    12 Feb 2025

    41714 Impressions

    57 Retweets

    149 Likes

    19 Bookmarks

    4 Replies

    1 Quote

  31. Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391) https://t.co/QF2KkyNIyj https://t.co/sZab1RFMh6

    @secured_cyber

    11 Feb 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391) https://t.co/EUx1tlu5RP https://t.co/vYajV6LXNs

    @Trej0Jass

    11 Feb 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391) https://t.co/Ln39PfYuLA https://t.co/521vaz2zmA

    @Trej0Jass

    11 Feb 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. 🚨 Patch Tuesday: February 2025 🚨 Microsoft patches 56 vulnerabilities, including 2 zero-days (CVE-2025-21418, CVE-2025-21391). Here's a full breakdown: https://t.co/6EPl6dXvBz Other critical updates include: Windows: 56 vulnerabilities, two zero-days (CVE-2025-21418 and… h

    @Action1corp

    11 Feb 2025

    62 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  35. CVE-2025-21418 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability https://t.co/EqRfsV2IVl

    @CVEnew

    11 Feb 2025

    152 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.CVE-2026-26132
  2. Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.CVE-2026-26128
  3. Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.CVE-2026-26111
  4. Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally.CVE-2026-25190
  5. Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.CVE-2026-25189

References

Sources include official advisories and independent security research.