CVE-2025-21418 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability

Exploit added

February 11, 2025

Action due

March 4, 2025

Action required

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21418

Weakness Enumeration

CWE-ID	CWE Name
CWE-122	Heap-based Buffer Overflow

Known Affected Software Configurations

cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3403::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5608::::::x86:
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.3403::::::x64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.5039::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5608::::::x86:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.5039::::::arm64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.2965::::::x86:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3403::::::arm64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5608::::::arm64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5608::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5608::::::arm64:
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.3107::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5608::::::x64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5039::::::arm64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5039::::::x64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.4751::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7699::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5371::::::arm64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5371::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.10240.20915::::::x86:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3107::::::arm64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7785::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7699::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5487::::::arm64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.6893::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5487::::::x86:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.6775::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5371::::::x86:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.4890::::::x64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.4890::::::arm64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3194::::::arm64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5487::::::arm64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3194::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5487::::::x64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22621.4751::::::arm64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.2894::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7785::::::x86:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.6893::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5371::::::x64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.4890::::::arm64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.4751::::::x64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.4751::::::arm64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.2894::::::arm64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3107::::::x64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.4890::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5371::::::arm64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5371::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5487::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5487::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.10240.20915::::::x64:
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1308:::::::*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2201:::::::*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.6659:::::::*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.6414:::::::*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2762:::::::*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2966:::::::*
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5247::::::x86:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.6659::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5247::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5247::::::x86:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5247::::::arm64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5247::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5247::::::arm64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5011::::::x64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.6659::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7428::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19041.3920::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19041.3920::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7606::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7606::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5011::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19041.3920::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19041.3920::::::x86:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.6414::::::x64:
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.5458::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.5122::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.5576::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.4974::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.4851::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.4252::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.5696::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.4737::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.4645::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3887::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3650::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3532::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.5820::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3770::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3406::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2803::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2928::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2565::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3046::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2452::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2237::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.5936::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3287::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3165::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2183::::standard::x64:*

Details

Source:
NVD

Published:
February 11, 2025

Updated:
February 12, 2025

Risk information

CVSS v3

Base score:
7.8

Severity:

HIGH

Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2

Not defined