- Description
- ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke arbitrary kernel functions with ring-0 privileges. The vulnerability enables local attackers to execute arbitrary code in kernel context, resulting in privilege escalation and potential follow-on attacks, such as disabling security software or bypassing kernel-level protections. ThrottleStop.sys version 3.0.0.0 and possibly others are affected. Apply updates per vendor instructions.
- Source
- vulnerability@kaspersky.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 8.7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
- vulnerability@kaspersky.com
- CWE-782
- Hype score
- Not currently trending
Game over for Windows? 🏛️♟️ 0xKern3lCrush checkmates the "Trust" model. BYOVD makes PPL a joke. Documenting how Safetica (CVE-2026-0828) & ThrottleStop (CVE-2025-7771) become kernel sledgehammers. 0xArtifacts: 👉 https://t.co/0dQ7ajh5ra #InfoSec #BYOVD #redteam
@SyedWaj25802383
4 Feb 2026
12 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-7771: Exploiting a Signed Kernel Driver in a Red Team Operation https://t.co/oiA3iZTgUK https://t.co/nDRqSiVUxb
@DavidJou734
24 Dec 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-7771: Exploiting a Signed Kernel Driver in a Red Team Operation https://t.co/sQU3i7Azhr
@Dinosn
23 Dec 2025
2844 Impressions
8 Retweets
28 Likes
13 Bookmarks
0 Replies
0 Quotes
🔥 ¡Así vivimos el Día 2 de #Ekoparty 2025!: ¡una jornada llena de aprendizaje, investigación y tecnología! Nuestro equipo tuvo una destacada participación en el Main Track con Ashley Muñoz y Anderson Leite, quienes presentaron CVE-2025-7771: Antivirus Evasion Through L
@KasperskyLatino
25 Oct 2025
190 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Charlas Main Track #EKO2025 🔥 🗣️ “CVE-2025-7771: Antivirus Evasion Through Legitimate Driver Abuse” dictada por @3NTR0_py. 💡 En un incidente reciente identificamos cómo un atacante ha estado aprovechando una vulnerabilidad de un Driver legítimo para enumerar
@ekoparty
3 Oct 2025
435 Impressions
2 Retweets
6 Likes
0 Bookmarks
0 Replies
0 Quotes
How a legitimate driver is being used to take down AV processes 1. Code Execution / Escalation of Privileges in ThrottleStop.sys CVE-2025-7771 2. AV killer https://t.co/UHOnGNuIt4 https://t.co/EmWqPpIISn
@blackorbird
8 Aug 2025
9469 Impressions
38 Retweets
136 Likes
104 Bookmarks
0 Replies
0 Quotes
CVE-2025-7771 and the driver of destruction: how a legitimate driver is being used to take down AV processes https://t.co/hgsnt4KH35
@assolini
6 Aug 2025
278 Impressions
1 Retweet
1 Like
1 Bookmark
1 Reply
0 Quotes
Driver of destruction: How a legitimate driver is being used to take down AV processes #AVKiller CVE-2025-7771 https://t.co/xW9BVZADcg
@EChavarro
6 Aug 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
El driver de la destrucción: cómo un controlador legítimo se usa para desactivar los procesos antivirus #AVKiller CVE-2025-7771 https://t.co/RKWeiqJmUs
@EChavarro
6 Aug 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-7771 ThrottleStop.sys Kernel Privilege Escalation via Arbitrary Physical Memory Access https://t.co/e0f4mL3thI
@VulmonFeeds
6 Aug 2025
99 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-7771 ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This in… https://t.co/UrXRkPBFsp
@CVEnew
6 Aug 2025
526 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes