Known Exploited Vulnerabilities CVE-2025-32709

Microsoft Windows Ancillary Function Driver for WinSock contains a use-after-free vulnerability that allows an authorized attacker to escalate privileges to administrator.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2025-32709 | Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability | exploitation_technique | T1068 | Exploitation for Privilege Escalation | |
| CVE-2025-32709 | Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter | |
| CVE-2025-32709 | Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability | primary_impact | T1543 | Create or Modify System Process | |
| CVE-2025-32709 | Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability | primary_impact | T1608.001 | Upload Malware | |
| CVE-2025-32709 | Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability | primary_impact | T1003 | OS Credential Dumping | |

Comments (the same text accompanies each of the five mappings)

This use-after-free vulnerability in Windows has been exploited by attackers to gain SYSTEM-level privileges, leading to remote code execution, full system compromise, the modification of system processes to establish persistence on the machine, and the deployment of malware such as credential harvesters and ransomware.