Local Privilege Escalation Vulnerability in K7 Security Anti-Malware Suite
CVE-2025-1055
5.6 MEDIUM
What is CVE-2025-1055?
A vulnerability in the K7RKScan.sys driver of the K7 Security Anti-Malware suite allows low-privilege users to send specially crafted IOCTL requests that can terminate numerous processes running with higher privileges. The cause is inadequate access control in the driver's IOCTL handler, which lets unprivileged users perform, in kernel space, actions normally reserved for privileged accounts. If exploited, this flaw can cause significant disruption, leading to denial of service for critical services or applications.
Affected Version(s)
K7 Security Anti-Malware (Windows): versions 0 up to, but not including, 23.0.0.10