February 2025: [Experts Break Down Zero-Days, 7-Zip Vulnerabilities, and More]

CVE-2025-21293 is an Active Directory Domain Services elevation of privilege flaw with a public proof of concept that abuses the built-in Network Configuration Operators group, which holds excessive permissions over sensitive registry keys and lets an attacker register a malicious performance counter that runs with system-level privileges.

CVE-2025-21418 is a Windows Ancillary Function Driver for WinSock (AFD.sys) elevation of privilege vulnerability that is low complexity and actively exploited even though no public exploit exists. It affects Windows 10, Windows 11, and Server 2008 through later server releases.

CVE-2025-21420 is an elevation of privilege flaw in the Windows Disk Cleanup tool. The team reads it as attackers probing legacy code that survives on end-of-life servers like Server 2008 and Server 2012, which remain common in enterprises and may not get future fixes.

Any 7-Zip version before 24.09 can be exploited through a Mark of the Web bypass that allows arbitrary code execution, undercutting the assumption that simply unarchiving a file without running an executable is safe.

CVE-2025-4126 is an Apple AirPlay vulnerability patched in macOS 15.3 that lets an attacker on the same local network cause unexpected system termination or corrupt process memory, a real risk on shared Wi-Fi at events like DEF CON.