CVE-2025-1055
K7 Security Anti-Malware: IOCTL in K7RKScan.sys Allows Arbitrary Termination of High-Privilege and System Processes by a Low-Privilege User
Vexday Risk Score
55Atención
Decisión SSVC (CISA)
Act
Explotación + impacto → acción inmediata
Madurez del exploit
Prueba de concepto
Existe prueba de concepto pública, pero aún no automatizada.
CVSS 5.6EPSS 0.2%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Ciclo de vida
10 jun 2025Publicada en NVD
04 sep 2025PoC pública
Velocidad de armamento
85 díashasta el primer PoC
Recomendación: Corregir cuanto antes — hay explotación activa confirmada.
A vulnerability in the K7RKScan.sys driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send crafted IOCTL requests to terminate a wide range of processes running with administrative or system-level privileges, with the exception of those inherently protected by the operating system. This flaw stems from missing access control in the driver's IOCTL handler, enabling unprivileged users to perform privileged actions in kernel space. Successful exploitation can lead to denial of service by disrupting critical services or privileged applications.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
Productos afectados
K7 Security · K7 Security Anti-MalwarePoCs públicas encontradas — 1
vulncheckvulncheck.com/xdb/4ec87af0852dno verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.