CVE-2025-62213
afd.sys — use-after-free allows elevation of privilege
Summary
| Field | Value |
|---|---|
| Driver | afd.sys |
| Vulnerability Class | Use-After-Free |
| CVSS | 7.8 |
| Exploited in the wild (ITW) | No |
| Patch Date | November 11, 2025 |
Root Cause
The AFD driver mismanages object lifetimes during certain socket operations, leaving a stale pointer after the referenced object is freed. A subsequent dereference hits freed memory.
Exploitation
The attacker triggers the UAF through specific socket operation sequences. Heap spraying reclaims the freed memory with controlled data, and the stale dereference gives a kernel corruption primitive for privilege escalation.
Exploitation Primitive
Socket operation → premature free → stale dereference → heap reclaim → kernel corruption → SYSTEM