CVE-2025-32709

HIGH KEV

Windows 10/11, Server 2008-2016 - Privilege Escalation via AFD Null Pointer Dereference

Title source: llm

Exploitation Summary

CVE-2025-32709 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 13, 2025. EIP tracks 1 public exploit from researchers including AdnanSiyat.

AI-analyzed exploit summary This repository is a writeup documenting the patching process for CVE-2025-32709, including screenshots and steps for applying the May 2025 Cumulative Update (KB5058379) on Windows 10. It does not contain exploit code but provides remediation guidance.

Description

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Exploits (1)

nomisec WRITEUP

by AdnanSiyat · poc

https://github.com/AdnanSiyat/How-to-Patch-CVE-2025-32709

View Code ZIP pw:eip

This repository is a writeup documenting the patching process for CVE-2025-32709, including screenshots and steps for applying the May 2025 Cumulative Update (KB5058379) on Windows 10. It does not contain exploit code but provides remediation guidance.

Classification

Writeup 100%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Windows 10 (KB5058379)

No auth needed

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory vendor-advisory patch

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32709

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32709

Scores

CVSS v3 7.8

EPSS 0.0103

EPSS Percentile 77.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2025-05-13

VulnCheck KEV 2025-05-13

ENISA EUVD EUVD-2025-14439

CWE

CWE-416

Status published

Products (17)

microsoft/windows_10_1507 < 10.0.10240.21014

microsoft/windows_10_1607 < 10.0.14393.8066

microsoft/windows_10_1809 < 10.0.17763.7314 (2 CPE variants)

microsoft/windows_10_21h2 < 10.0.19044.5854

microsoft/windows_10_22h2 < 10.0.19045.5854

microsoft/windows_11_22h2 < 10.0.22621.5335

microsoft/windows_11_23h2 < 10.0.22631.5335

microsoft/windows_11_24h2 < 10.0.26100.3981

microsoft/windows_server_2008 (2 CPE variants)

microsoft/windows_server_2008 r2 sp1

... and 7 more

Published May 13, 2025

KEV Added May 13, 2025

Tracked Since Feb 18, 2026