CVE-2025-52915
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-09-10
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| k7_computing | k7_ultimate_security | 17.0.2049 |
| k7_computing | k7rkscan.sys | 23.0.0.11 |
| k7_computing | k7rkscan.sys | 23.0.0.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in K7RKScan.sys version 23.0.0.10, part of the K7 Security Anti-Malware suite. It allows an admin-privileged user to send specially crafted IOCTL requests to terminate processes that are supposed to be protected by a third-party implementation. The root cause is insufficient validation of the caller in the driver's IOCTL handler, which enables unauthorized processes to perform these actions in kernel space.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to a denial of service by disrupting critical third-party services or applications, potentially causing system instability or interruption of important functions.