CVE-2025-52347

Published May 1, 2026

Last updated 3 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-52347 describes a vulnerability found in the `DirectIo64.sys` component of several PassMark products, specifically BurnInTest v11.0 Build 1011, OSForensics v11.1 Build 1007, and PerformanceTest v11.1 Build 1004. This flaw allows attackers to gain access to kernel memory and escalate privileges on an affected system. The vulnerability is triggered through a specially crafted IOCTL 0x8011E044 call. This input validation issue, classified as CWE-20, means the affected software does not properly validate input, which can lead to unintended consequences such as unauthorized memory access and privilege escalation.

Description: An issue in the component DirectIo64.sys of PassMark BurnInTest v11.0 Build 1011, OSForensics v11.1 Build 1007, and PerformanceTest v11.1 Build 1004 allows attackers to access kernel memory and escalate privileges via a crafted IOCTL 0x8011E044 call.
Source: cve@mitre.org
NVD status: Received

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-20

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 1

References