CVE-2025-32709
CVSS score: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: secure@microsoft.com (Secondary)
Description
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Affected (19)
Products: Microsoft: Windows 10 1507, Windows 10 1607, Windows 10 1809, Windows 10 21h2, Windows 10 22h2, Windows 11 22h2, Windows 11 23h2, Windows 11 24h2, Windows Server 2008, Windows Server 2012, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows Server 2022 23h2, Windows Server 2025
Configuration A
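| Vulnerable Software | Affected Versions |
|---|---|
| Windows 10 1507 | Before 10.0.10240.21014 |
| Windows 10 1607 | Before 10.0.14393.8066 |
| Windows 10 1809 | Before 10.0.17763.7314 |
| Windows 10 21h2 | Before 10.0.19044.5854 |
| Windows 10 22h2 | Before 10.0.19045.5854 |
| Windows 11 22h2 | Before 10.0.22621.5335 |
| Windows 11 23h2 | Before 10.0.22631.5335 |
| Windows 11 24h2 | Before 10.0.26100.3981 |
| Windows Server 2008 | All versions |
| Windows Server 2012 | All versions |
| Windows Server 2016 | Before 10.0.14393.8066 |
| Windows Server 2019 | Before 10.0.17763.7314 |
| Windows Server 2022 | Before 10.0.20348.3692 |
| Windows Server 2022 23h2 | Before 10.0.25398.1611 |
| Windows Server 2025 | Before 10.0.26100.3981 |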
References (2)
Source: secure@microsoft.com
Vendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource
Timeline (16)
2/13/2026 (1 change)
CVE Modified - Description
08:17 PM
- Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
+ Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
10/27/2025 (2 changes)
Modified Analysis - Reference Type
05:12 PM
- -
+ CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32709 Types: US Government Resource
Modified Analysis - CPE Configuration
05:12 PM
-
OR
*cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
*cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
*cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.14393.8066
*cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.17763.7314
*cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.17763.7314
*cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19044.5854
*cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19045.5854
*cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22621.5335
*cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22631.5335
*cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26100.4061
*cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.14393.8066
*cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.7314
*cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.20348.3692
*cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.25398.1611
*cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26100.4061
*cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.10240.21014
+
OR
*cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
*cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
*cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
*cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
*cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
*cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.14393.8066
*cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.17763.7314
*cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.17763.7314
*cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19044.5854
*cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19045.5854
*cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22621.5335
*cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22631.5335
*cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.14393.8066
*cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.7314
*cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.20348.3692
*cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.25398.1611
*cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.10240.21014
*cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26100.3981
*cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26100.3981
10/21/2025 (3 changes)
CVE Modified - Reference
11:17 PM
- -
+ https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32709
CVE Modified - Reference
08:20 PM
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32709
+ -
CVE Modified - Reference
07:21 PM
- -
+ https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32709
5/16/2025 (2 changes)
Initial Analysis - Reference Type
04:29 PM
- -
+ Microsoft Corporation: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32709 Types: Vendor Advisory
Initial Analysis - CPE Configuration
04:29 PM
- -
+ OR
*cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
*cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
*cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.14393.8066
*cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.17763.7314
*cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.17763.7314
*cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19044.5854
*cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19045.5854
*cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22621.5335
*cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22631.5335
*cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26100.4061
*cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.14393.8066
*cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.7314
*cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.20348.3692
*cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.25398.1611
*cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26100.4061
*cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.10240.21014
5/14/2025 (4 changes)
CVE CISA KEV Update - Vulnerability Name
01:00 AM
- -
+ Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability
CVE CISA KEV Update - Required Action
01:00 AM
- -
+ Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE CISA KEV Update - Due Date
01:00 AM
- -
+ 2025-06-03
CVE CISA KEV Update - Date Added
01:00 AM
- -
+ 2025-05-13
5/13/2025 (4 changes)
New CVE Received - Reference
05:16 PM
- -
+ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32709
New CVE Received - CWE
05:16 PM
- -
+ CWE-416
New CVE Received - CVSS V3.1
05:16 PM
- -
+ AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
New CVE Received - Description
05:16 PM
- -
+ Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.