Zero Day MonitorZDM

← Back to list

7.0

CVE-2025-60719PATCHED

microsoft · windows_10_1607

Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Description

Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Affected Products

Vendor	Product	Versions
microsoft	windows_10_1607	< 10.0.14393.8594, < 10.0.14393.8594, < 10.0.17763.8027, < 10.0.17763.8027, < 10.0.19044.6575, < 10.0.19045.6575, < 10.0.22631.6199, < 10.0.26100.7092, < 10.0.26200.7092, < 10.0.14393.8594, < 10.0.17763.8027, < 10.0.20348.4346, < 10.0.25398.1965, < 10.0.26100.7092

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
hitachi	hitachi storage	cert_advisory	90%
microsoft	microsoft windows	cert_advisory	90%
microsoft	windows	cert_advisory	90%
microsoft	microsoft windows server 2012 r2	cert_advisory	90%

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60719(Vendor Advisory)

Related News (1 articles)

Tier B

BSI Advisories7h ago

[UPDATE] [kritisch] Microsoft Windows und Windows Server: Mehrere Schwachstellen

→ No new info (linked only)

CVSS 3.17.0 HIGH

VectorCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

10.0.14393.859410.0.17763.802710.0.19044.657510.0.19045.657510.0.22631.619910.0.26100.709210.0.26200.709210.0.20348.434610.0.25398.1965

CWECWE-822

PublishedNov 11, 2025

Last enriched12d ago

Trending Score26

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

MEDIUMCVE-2026-33118EXP

Microsoft Edge (Chromium-based) Spoofing Vulnerability

MEDIUMCVE-2026-33119EXP

Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

HIGHCVE-2026-21513EXPKEV

MSHTML Framework Security Feature Bypass Vulnerability

HIGHCVE-2026-21509EXPKEV

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

CRITICALCVE-2026-32211EXP

Azure MCP Server Information Disclosure Vulnerability

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Nov 11, 2025

Patch Available

Nov 17, 2025

Discovered by ZDM

Apr 1, 2026