Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
K7RKScan.sys 23.0.0.10, part of the K7 Security Anti-Malware suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's IOCTL handler, enabling unauthorized processes to perform those actions in kernel space. Successful exploitation can lead to denial of service by disrupting critical third-party services or applications.
No PoCs from references.
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/BlackSnufkin/BYOVD
- https://github.com/GhostTroops/TOP
- https://github.com/PuddinCat/GithubRepoSpider
- https://github.com/d4rt3s/Boby
- https://github.com/diego-tella/CVE-2025-1055-poc
- https://github.com/nomi-sec/PoC-in-GitHub