CVE-2025-66676
Denial of Service in IObit Unlocker v1.3.0.11 via Crafted Request
Publication date: 2026-02-13
Last updated on: 2026-03-25
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| iobit | iobit_unlocker | 1.3.0.11 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing or disabling the vulnerable driver and preventing the exploit from running.
- Stop and delete the vulnerable driver service if it is loaded, to prevent exploitation.
- Remove the vulnerable driver file (IObitUnlocker.sys) from the Windows drivers directory (C:\Windows\System32\Drivers\).
- Ensure that only trusted users have administrator privileges to prevent running exploit executables.
- Monitor and restrict execution of suspicious executables that attempt to exploit this vulnerability.
Can you explain this vulnerability to me?
This vulnerability exists in IObit Unlocker version 1.3.0.11 and earlier. The software is designed to unlock locked files by terminating the process that holds a lock on the file. The issue arises because the driver controlling this behavior uses a simple checksum-based control to prevent arbitrary processes from interacting with it, but this control can be bypassed.
An attacker can exploit this by placing the vulnerable driver file in the Windows drivers directory and running a specially crafted executable that has been patched to pass the driver's checksum verification. This exploit allows the attacker to arbitrarily terminate processes by specifying their names, effectively causing a Denial of Service (DoS). [1]
How can this vulnerability impact me?
This vulnerability can impact you by allowing an attacker with administrator privileges to arbitrarily terminate running processes on your system. This can lead to a Denial of Service (DoS) condition where critical applications or services are unexpectedly stopped, potentially disrupting normal operations and causing data loss or system instability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the IObit Unlocker driver (IObitUnlocker.sys) being exploited to terminate arbitrary processes by bypassing a checksum control. Detection involves checking for the presence and activity of the vulnerable driver and monitoring for unusual process termination behavior.
Suggested detection steps include:
- Check if the vulnerable driver file (IObitUnlocker.sys) exists in the Windows drivers directory (C:\Windows\System32\Drivers\).
- Use the Windows commands `sc queryex type= driver` or `driverquery` to list drivers and see whether IObitUnlocker.sys is loaded.
- Monitor system logs or use process monitoring tools (like Sysinternals Process Monitor) to detect unexpected termination of processes.
- Look for suspicious executables running with administrator privileges that match the exploit pattern (e.g., IOBitUnlockerKiller.exe or similar).
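
The first two checks above can be combined into one PowerShell function; this is an added example, not code from the original page or from the vendor. The function name `Get-IObitUnlockerDriverStatus` is hypothetical, and the driver service is matched by image file name because the page does not state the service name.

```powershell
# Added example: the file name and directory come from the page; the
# function name and output fields are hypothetical.
$driverName = 'IObitUnlocker.sys'
$driverPath = Join-Path $env:SystemRoot "System32\drivers\$driverName"

function Get-IObitUnlockerDriverStatus {
    [CmdletBinding()]
    param(
        [string]$Path     = $driverPath,
        [string]$FileName = $driverName
    )

    $result = [ordered]@{
        ComputerName = $env:COMPUTERNAME
        FilePresent  = $false
        FileVersion  = $null
        Sha256       = $null
        Signer       = $null
        ServiceNames = ''
        Running      = $false
    }

    # Check 1: is the driver file on disk in the drivers directory?
    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        $item = Get-Item -LiteralPath $Path
        $sig  = Get-AuthenticodeSignature -LiteralPath $Path
        $result.FilePresent = $true
        $result.FileVersion = $item.VersionInfo.FileVersion
        $result.Sha256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        $result.Signer      = $sig.SignerCertificate.Subject   # $null when unsigned
    }

    # Check 2: is any kernel driver service registered with this image,
    # wherever it lives on disk, and is it currently running?
    $services = @(Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -like "*$FileName" })
    $result.ServiceNames = $services.Name -join ','
    $result.Running      = [bool]($services | Where-Object State -eq 'Running')

    [pscustomobject]$result
}

# A host needs follow-up when FilePresent is true or ServiceNames is non-empty.
Get-IObitUnlockerDriverStatus | Format-List
```

Run it from an elevated prompt so the file under `System32\drivers` can be hashed and every driver service is visible.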