- Description
- K7RKScan.sys 23.0.0.10, part of the K7 Security Anti-Malware suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's IOCTL handler, enabling unauthorized processes to perform those actions in kernel space. Successful exploitation can lead to denial of service by disrupting critical third-party services or applications.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-269
- Hype score
- Not currently trending
Confirmed: the two drivers with CVE-2025-52915 CVE-2025-1055 is still available on latest Win11 at present. https://t.co/XTToARjtmt
@anylink20240604
14 Sept 2025
9365 Impressions
15 Retweets
115 Likes
55 Bookmarks
1 Reply
0 Quotes
CVE-2025-52915 K7RKScan.sys 23.0.0.10, part of the K7 Security Anti-Malware suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are pro… https://t.co/sQlg90mYJS
@CVEnew
9 Sept 2025
270 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-52915 assigned - my first vulnerability!🥳 A classic BYOVD case: kernel driver with unrestricted process termination. Vendor coordination turned out more challenging than the exploit itself. Technical write-up: https://t.co/tkR24y9w2p #ExploitDev #CVE #BYOVD #RedTeam
@BlackSnufkin42
3 Sept 2025
4419 Impressions
30 Retweets
82 Likes
22 Bookmarks
0 Replies
1 Quote