CVE-2025-7771
BaseFortify
Publication date: 2025-08-06
Last updated on: 2025-08-06
Assigner: Kaspersky Labs
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| unknown | all | * |
| unknown | medusalocker | * |
| kaspersky | kaspersky_endpoint_security | * |
| microsoft | windows | * |
| techpowerup | throttlestop | 3.0.0.0 |
| unknown | throttleblood | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-782 | The product implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the ThrottleStop.sys driver, which exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory through the MmMapIoSpace function. A malicious user-mode application can exploit this to patch the running Windows kernel and invoke arbitrary kernel functions with ring-0 (highest) privileges. This leads to privilege escalation and enables attackers to execute arbitrary code in kernel context.
How can this vulnerability impact me?
The vulnerability allows local attackers to escalate their privileges to kernel level, which can result in executing arbitrary code with the highest system privileges. This can lead to disabling security software, bypassing kernel-level protections, and performing other malicious activities that compromise system integrity and security.
What immediate steps should I take to mitigate this vulnerability?
Apply updates per vendor instructions to ensure that the vulnerable ThrottleStop.sys driver is patched or replaced with a secure version.