CVE-2025-6217

Published Jun 21, 2025

Last updated 25 days ago

CVSS low 3.8

Overview

Description
PEAK-System Driver PCANFD_ADD_FILTERS Time-Of-Check Time-Of-Use Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of PEAK-System Driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the PCANFD_ADD_FILTERS IOCTL. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-24161.
Source
zdi-disclosures@trendmicro.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.0

Type
Secondary
Base score
3.8
Impact score
1.4
Exploitability score
2
Vector string
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Severity
LOW

Weaknesses

zdi-disclosures@trendmicro.com
CWE-367

Social media

Hype score
Not currently trending

  1. CVE-2025-6217 PEAK-System Driver PCANFD_ADD_FILTERS Time-Of-Check Time-Of-Use Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive in… https://t.co/pdntYPJ2YR

    @CVEnew

    21 Jun 2025

    114 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.