CVE-2025-1055
K7 Security Anti-Malware: IOCTL in K7RKScan.sys Allows Arbitrary Termination of High-Privilege and System Processes by a Low-Privilege User
Vexday Risk Score
55Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS 5.6EPSS 0.2%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Lifecycle
10 Jun 2025Published on NVD
04 Sep 2025Public PoC
Weaponization speed
85 daysto first PoC
Recommendation: Patch as soon as possible — active exploitation confirmed.
A vulnerability in the K7RKScan.sys driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send crafted IOCTL requests to terminate a wide range of processes running with administrative or system-level privileges, with the exception of those inherently protected by the operating system. This flaw stems from missing access control in the driver's IOCTL handler, enabling unprivileged users to perform privileged actions in kernel space. Successful exploitation can lead to denial of service by disrupting critical services or privileged applications.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
Affected products
K7 Security · K7 Security Anti-Malwarepublic PoCs found — 1
vulncheckvulncheck.com/xdb/4ec87af0852dunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.