216.73.217.22

CVE-2025-1055

· Published 11/06/2025 02:15 · Modified 16/06/2026 19:48 · Author: The MITRE Corporation

Labels: CVE-2025-1055 2025-06-1141c37e40-543d-43a2-b660-2fee83ea851aCVE-2025-1055CWE-862

Essential information

Published
11/06/2025 02:15
Modified
16/06/2026 19:48
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
5.6 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/C:N/I:N/A:H

CVSS metrics

Description

A vulnerability in the K7RKScan.sys driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send crafted IOCTL requests to terminate a wide range of processes running with administrative or system-level privileges, with the exception of those inherently protected by the operating system. This flaw stems from missing access control in the driver's IOCTL handler, enabling unprivileged users to perform privileged actions in kernel space. Successful exploitation can lead to denial of service by disrupting critical services or privileged applications.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
41c37e40-543d-43a2-b660-2fee83ea851a
NVD
View on NVD

Affected products (CPE)

ProductCPE
k7 security / k7 security anti-malware cpe:2.3:a:k7_security:k7_security_anti-malware:*:*:*:*:*:*:*:*
k7 security / k7rkscan cpe:2.3:a:k7_security:k7rkscan:*:*:*:*:*:*:*:*

References

Related entities

Attack reports, intrusion sets, malwares, attack patterns and indicators linked to this vulnerability.

Attack reports (1)