CVE-2025-67826
Local Privilege Escalation in K7 Ultimate Security via Named Pipe
Publication date: 2025-12-22
Last updated on: 2025-12-22
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| k7 | k7_ultimate_security | 17.0.2045 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-67826 is a Local Privilege Escalation vulnerability in K7 Ultimate Security version 17.0.2045. It occurs because of insecure access to a named pipe, which allows a local unprivileged user to modify any registry key. This can lead to a full system compromise with SYSTEM-level privileges. [1]
How can this vulnerability impact me?
This vulnerability can allow a local unprivileged user to gain SYSTEM-level privileges on the affected system, resulting in a full compromise of the system. This means an attacker could potentially control the entire system and perform any actions with the highest level of access. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update K7 Ultimate Security to version 17.0.2057 or higher, which includes the fixed K7Sentry.sys version 22.0.0.74 or above. This update addresses the insecure access to the named pipe and prevents local unprivileged users from modifying registry keys and gaining SYSTEM-level privileges. [1]