CVE-2025-21418

CISA Known Exploited Vulnerability (KEV)

Name

Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability

Exploit added

February 11, 2025

Action due

March 4, 2025

Action required

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

CWE-ID	CWE Name
CWE-122	Heap-based Buffer Overflow

Source:
NVD

Published:
February 11, 2025

Updated:
February 12, 2025

Base score:
7.8

Severity:

HIGH

Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Not defined