{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1055", "assignerOrgId": "41c37e40-543d-43a2-b660-2fee83ea851a", "state": "PUBLISHED", "assignerShortName": "Pentraze", "dateReserved": "2025-02-05T03:32:56.937Z", "datePublished": "2025-06-10T23:23:19.887Z", "dateUpdated": "2025-06-11T13:48:09.364Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "K7RKScan.sys", "platforms": ["Windows"], "product": "K7 Security Anti-Malware", "vendor": "K7 Security", "versions": [{"lessThan": "23.0.0.10", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Carlos Garrido of Pentraze Cybersecurity"}], "datePublic": "2025-06-10T16:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability in the <code>K7RKScan.sys</code> driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send crafted IOCTL requests to terminate a wide range of processes running with administrative or system-level privileges, with the exception of those inherently protected by the operating system. This flaw stems from missing access control in the driver's IOCTL handler, enabling unprivileged users to perform privileged actions in kernel space. Successful exploitation can lead to denial of service by disrupting critical services or privileged applications."}], "value": "A vulnerability in the K7RKScan.sys driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send crafted IOCTL requests to terminate a wide range of processes running with administrative or system-level privileges, with the exception of those inherently protected by the operating system. This flaw stems from missing access control in the driver's IOCTL handler, enabling unprivileged users to perform privileged actions in kernel space. Successful exploitation can lead to denial of service by disrupting critical services or privileged applications."}], "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "41c37e40-543d-43a2-b660-2fee83ea851a", "shortName": "Pentraze", "dateUpdated": "2025-06-10T23:24:09.533Z"}, "references": [{"url": "https://pentraze.com/"}, {"url": "https://pentraze.com/vulnerability-reports/"}], "source": {"discovery": "UNKNOWN"}, "title": "K7 Security Anti-Malware: IOCTL in K7RKScan.sys Allows Arbitrary Termination of High-Privilege and System Processes by a Low-Privilege User", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-11T13:47:53.999907Z", "id": "CVE-2025-1055", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-11T13:48:09.364Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1055", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-11T13:47:53.999907Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-11T13:47:58.268Z"}}], "cna": {"title": "K7 Security Anti-Malware: IOCTL in K7RKScan.sys Allows Arbitrary Termination of High-Privilege and System Processes by a Low-Privilege User", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Carlos Garrido of Pentraze Cybersecurity"}], "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "K7 Security", "product": "K7 Security Anti-Malware", "versions": [{"status": "affected", "version": "0", "lessThan": "23.0.0.10", "versionType": "custom"}], "platforms": ["Windows"], "packageName": "K7RKScan.sys", "defaultStatus": "unaffected"}], "datePublic": "2025-06-10T16:30:00.000Z", "references": [{"url": "https://pentraze.com/"}, {"url": "https://pentraze.com/vulnerability-reports/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the K7RKScan.sys driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send crafted IOCTL requests to terminate a wide range of processes running with administrative or system-level privileges, with the exception of those inherently protected by the operating system. This flaw stems from missing access control in the driver's IOCTL handler, enabling unprivileged users to perform privileged actions in kernel space. Successful exploitation can lead to denial of service by disrupting critical services or privileged applications.", "supportingMedia": [{"type": "text/html", "value": "A vulnerability in the <code>K7RKScan.sys</code> driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send crafted IOCTL requests to terminate a wide range of processes running with administrative or system-level privileges, with the exception of those inherently protected by the operating system. This flaw stems from missing access control in the driver's IOCTL handler, enabling unprivileged users to perform privileged actions in kernel space. Successful exploitation can lead to denial of service by disrupting critical services or privileged applications.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "41c37e40-543d-43a2-b660-2fee83ea851a", "shortName": "Pentraze", "dateUpdated": "2025-06-10T23:24:09.533Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1055", "state": "PUBLISHED", "dateUpdated": "2025-06-11T13:48:09.364Z", "dateReserved": "2025-02-05T03:32:56.937Z", "assignerOrgId": "41c37e40-543d-43a2-b660-2fee83ea851a", "datePublished": "2025-06-10T23:23:19.887Z", "assignerShortName": "Pentraze"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the K7RKScan.sys driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send crafted IOCTL requests to terminate a wide range of processes running with administrative or system-level privileges, with the exception of those inherently protected by the operating system. This flaw stems from missing access control in the driver's IOCTL handler, enabling unprivileged users to perform privileged actions in kernel space. Successful exploitation can lead to denial of service by disrupting critical services or privileged applications."}, {"lang": "es", "value": "Una vulnerabilidad en el controlador K7RKScan.sys, parte de la suite antimalware K7 Security, permite a un usuario local con pocos privilegios enviar solicitudes IOCTL manipuladas para finalizar una amplia gama de procesos que se ejecutan con privilegios administrativos o de sistema, excepto aquellos protegidos inherentemente por el sistema operativo. Esta falla se debe a la falta de control de acceso en el controlador IOCTL del controlador, lo que permite a usuarios sin privilegios realizar acciones privilegiadas en el espacio del kernel. Una explotaci\u00f3n exitosa puede provocar una denegaci\u00f3n de servicio al interrumpir servicios cr\u00edticos o aplicaciones privilegiadas."}], "id": "CVE-2025-1055", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 4.0, "source": "41c37e40-543d-43a2-b660-2fee83ea851a", "type": "Secondary"}]}, "published": "2025-06-11T00:15:24.273", "references": [{"source": "41c37e40-543d-43a2-b660-2fee83ea851a", "url": "https://pentraze.com/"}, {"source": "41c37e40-543d-43a2-b660-2fee83ea851a", "url": "https://pentraze.com/vulnerability-reports/"}], "sourceIdentifier": "41c37e40-543d-43a2-b660-2fee83ea851a", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "41c37e40-543d-43a2-b660-2fee83ea851a", "type": "Secondary"}]}

{}

{}