CVE-2025-66676
Awaiting Analysis Awaiting Analysis - Queue
Denial of Service in IObit Unlocker v1.3.0.11 via Crafted Request

Publication date: 2026-02-13

Last updated on: 2026-03-25

Assigner: MITRE

Description
An issue in IObit Unlocker v1.3.0.11 allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-13
Last Modified
2026-03-25
Generated
2026-06-16
AI Q&A
2026-02-13
EPSS Evaluated
2026-06-15
NVD
CVE-2025-66676
EUVD
EUVD-2025-206909
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
iobit iobit_unlocker 1.3.0.11
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

Immediate mitigation steps include removing or disabling the vulnerable driver and preventing the exploit from running.

  • Stop and delete the vulnerable driver service if it is loaded, to prevent exploitation.
  • Remove the vulnerable driver file (IObitUnlocker.sys) from the Windows drivers directory (C:\Windows\System32\Drivers\).
  • Ensure that only trusted users have administrator privileges to prevent running exploit executables.
  • Monitor and restrict execution of suspicious executables that attempt to exploit this vulnerability.
Executive Summary

[{'type': 'paragraph', 'content': 'This vulnerability exists in IObit Unlocker version 1.3.0.11 and earlier. The software is designed to unlock locked files by terminating the process that holds a lock on the file. The issue arises because the driver controlling this behavior uses a simple checksum-based control to prevent arbitrary processes from interacting with it, but this control can be bypassed.'}, {'type': 'paragraph', 'content': "An attacker can exploit this by placing the vulnerable driver file in the Windows drivers directory and running a specially crafted executable that has been patched to pass the driver's checksum verification. This exploit allows the attacker to arbitrarily terminate processes by specifying their names, effectively causing a Denial of Service (DoS)."}] [1]

Impact Analysis

This vulnerability can impact you by allowing an attacker with administrator privileges to arbitrarily terminate running processes on your system. This can lead to a Denial of Service (DoS) condition where critical applications or services are unexpectedly stopped, potentially disrupting normal operations and causing data loss or system instability.

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves the IObit Unlocker driver (IObitUnlocker.sys) being exploited to terminate arbitrary processes by bypassing a checksum control. Detection involves checking for the presence and activity of the vulnerable driver and monitoring for unusual process termination behavior.

Suggested detection steps include:

  • Check if the vulnerable driver file (IObitUnlocker.sys) exists in the Windows drivers directory (C:\Windows\System32\Drivers\).
  • Use Windows command to list loaded drivers: `sc queryex type= driver` or `driverquery` to see if IObitUnlocker.sys is loaded.
  • Monitor system logs or use process monitoring tools (like Sysinternals Process Monitor) to detect unexpected termination of processes.
  • Look for suspicious executables running with administrator privileges that match the exploit pattern (e.g., IOBitUnlockerKiller.exe or similar).
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-66676. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart