CVE-2025-32709 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability

Exploit added

May 13, 2025

Action due

June 3, 2025

Action required

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32709

Weakness Enumeration

CWE-ID	CWE Name
CWE-416	Use After Free

Known Affected Software Configurations

cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1732::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.770::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.770::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.4061::::-::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1903::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2333::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3932::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.3775::::-::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2458::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3932::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.8246::::-::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7699::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2333::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2522::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.8066::::-::x64:*
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.4652::::-::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2113::::-::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3932::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2458::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.3194::::-::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3692::::-::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1903::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2522::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.7314::::-::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.7558::::-::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1732::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.2894::::-::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2031::::-::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1732::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1369:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1425:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.887:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.830:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.709:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.531:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.643:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1732:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1189:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1551:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1308:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1251:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1128:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1665:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1009:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1486:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1611:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.950:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.763:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.584:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1668:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1085:::::-:x64:*
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7558::::::x86:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7558::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.6093::::::x64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22621.5335::::::x64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5624::::::x64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22621.5335::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.6093::::::arm64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.21073::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.21073::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.6093::::::x86:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.4270::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.6093::::::arm64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.6093::::::x86:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.6093::::::x64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5624::::::arm64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.5624::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.8246::::::x86:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.4270::::::arm64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.4652::::::arm64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3981::::::x64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.5624::::::arm64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.4652::::::x64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3981::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.8246::::::x64:
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.4349::::::x64:
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.3476::::::x64:
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.2605::::::x64:
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1665::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1665::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1551::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1551::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1551::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1665::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3807::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3807::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3807::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3328::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3328::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3270::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3270::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3270::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3328::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.8148::::::x64:
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.7434::::::x64:
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7969::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.14393.5989::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5737::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7428::::::x86:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5191::::::x86:

Details

Source:
NVD

Published:
May 13, 2025

Updated:
May 16, 2025

Risk information

CVSS v3

Base score:
7.8

Severity:

HIGH

Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2

Not defined