Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke arbitrary kernel functions with ring-0 privileges. The vulnerability enables local attackers to execute arbitrary code in kernel context, resulting in privilege escalation and potential follow-on attacks, such as disabling security software or bypassing kernel-level protections. ThrottleStop.sys version 3.0.0.0 and possibly others are affected. Apply updates per vendor instructions.
No PoCs from references.
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/Demoo1337/ThrottleStop
- https://github.com/PuddinCat/GithubRepoSpider
- https://github.com/U65535F/ThrottleStopPoC
- https://github.com/Yuri08loveElaina/CVE-2025-7771
- https://github.com/fxrstor/ThrottleStopPoC
- https://github.com/nomi-sec/PoC-in-GitHub