CVE-2025-1055
BaseFortify
Publication date: 2025-06-11
Last updated on: 2025-06-12
Assigner: Pentraze
Description
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the K7RKScan.sys driver of the K7 Security Anti-Malware suite. It allows a local user with low privileges to send specially crafted IOCTL requests to the driver, which lacks proper access control. This enables the user to terminate many processes running with administrative or system-level privileges, except those protected by the operating system. Essentially, unprivileged users can perform privileged actions in kernel space, leading to potential disruption.
How can this vulnerability impact me?
Exploitation of this vulnerability can cause denial of service by terminating critical services or privileged applications. This disruption can affect system stability and availability, potentially impacting important processes running with high privileges.