CVE-2025-53718
afd.sys — use-after-free allows elevation of privilege
Summary
| Field | Value |
|---|---|
| Driver | afd.sys |
| Vulnerability Class | Use-After-Free |
| CVSS | 7.8 |
| Exploited ITW | No |
| Patch Date | August 12, 2025 |
Root Cause
A use-after-free in the AFD driver occurs when an internal object is freed during socket teardown while a concurrent operation still holds a reference. The stale pointer dereference hits freed memory, which the attacker reclaims with controlled content.
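The lifetime rule that closes this class of bug, as an added example that is not afd.sys code or the vendor's patch: every pending operation pins the object with its own reference, and teardown only drops the handle's reference, so the free happens when the last holder releases. The `endpoint` type and all `ep_*` names are hypothetical, and the model runs in user space with C11 atomics.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdlib.h>
/* Hypothetical user-space model of a socket endpoint object; not afd.sys code. */
typedef struct endpoint {
    atomic_int refs;      /* one for the open handle plus one per pending operation */
    atomic_bool closing;  /* set once teardown has begun */
    int *freed_flag;      /* constructed for the demo: lets the caller observe the free */
} endpoint;

endpoint *ep_create(int *freed_flag) {
    endpoint *ep = malloc(sizeof *ep);
    if (!ep) return NULL;
    atomic_init(&ep->refs, 1);
    atomic_init(&ep->closing, false);
    ep->freed_flag = freed_flag;
    return ep;
}
/* Drop one reference; the memory is released only by the last holder. */
void ep_release(endpoint *ep) {
    if (atomic_fetch_sub(&ep->refs, 1) == 1) {
        *ep->freed_flag = 1;
        free(ep);
    }
}
/* Pin the object before an operation touches it; refuse once teardown has started.
   The caller must already hold a valid reference (the handle or another pin). */
bool ep_begin_io(endpoint *ep) {
    atomic_fetch_add(&ep->refs, 1);
    if (atomic_load(&ep->closing)) { ep_release(ep); return false; }
    return true;
}
/* Teardown: mark the object as closing and drop only the handle's reference. */
void ep_close(endpoint *ep) {
    atomic_store(&ep->closing, true);
    ep_release(ep);
}

/* Replays the interleaving from the root cause: teardown arrives while I/O is pending.
   Returns 1 when the object survives teardown and is freed only after the I/O completes. */
int demo_teardown_with_pending_io(void) {
    int freed = 0;
    endpoint *ep = ep_create(&freed);
    if (!ep || !ep_begin_io(ep)) return 0;
    ep_close(ep);                       /* teardown runs; the pending I/O still pins ep */
    int alive_during_io = (freed == 0);
    int rejected = !ep_begin_io(ep);    /* new operations are refused after teardown */
    ep_release(ep);                     /* I/O completes: last reference, freed here */
    return alive_during_io && rejected && freed == 1;
}
int main(void) { return demo_teardown_with_pending_io() ? 0 : 1; }
```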
Exploitation
The attacker races socket teardown against pending I/O operations. The freed memory is reclaimed via heap spraying, and the stale dereference provides a kernel memory corruption primitive for SYSTEM escalation.
Exploitation Primitive
Socket teardown race → UAF → heap reclaim
→ kernel memory corruption → SYSTEM