CVE-2025-21418
Published: 11 February 2025
Description
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Security Summary
CVE-2025-21418 is an elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock. Published on 2025-02-11, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is linked to CWE-122, with additional NVD-CWE-noinfo classification. The flaw affects Windows systems utilizing this driver component.
A local attacker with low privileges can exploit the vulnerability through low-complexity means without requiring user interaction. Successful exploitation grants high-impact access to confidentiality, integrity, and availability, enabling privilege escalation on the targeted system.
Microsoft's update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21418 provides details on patching. The vulnerability appears in CISA's Known Exploited Vulnerabilities catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21418, signaling real-world exploitation.
Details
- CWE(s)
- KEV Date Added
- 11 February 2025