CVE-2025-49762
afd.sys — race condition allows elevation of privilege
Summary
| Field | Value |
|---|---|
| Driver | afd.sys |
| Vulnerability Class | Race Condition |
| CVSS | 7.0 |
| Exploited ITW | No |
| Patch Date | July 8, 2025 |
Root Cause
A race condition in the AFD driver lets concurrent operations access shared state without synchronization. Two threads racing on socket operations can corrupt internal data structures, and that corruption leads to privilege escalation.
Exploitation
The attacker spawns multiple threads that perform concurrent socket operations to hit the race window. The resulting state corruption provides a kernel memory corruption primitive that is used to escalate to SYSTEM.
Exploitation Primitive
Concurrent socket operations → race condition → state corruption → privilege escalation → SYSTEM