Information Disclosure Vulnerability in PEAK-System Driver
CVE-2025-6217

Currently unrated

Key Information:

Vendor: PEAK-System
Status: PEAK-System Driver
Vendor: CVE Published:; 21 June 2025

🔔 Create PEAK-System Vulnerability Alert

What is CVE-2025-6217?

The PEAK-System Driver contains an information disclosure vulnerability that allows local attackers to access sensitive information under certain conditions. The issue is rooted in the management of the PCANFD_ADD_FILTERS IOCTL operation, where improper locking mechanisms can be exploited. An attacker, who possesses the capability to execute low-privileged code on the target system, can leverage this vulnerability along with others to potentially gain unauthorized access to kernel-level processes.

References

https://www.zerodayinitiative.com/advisories/ZDI-25-408/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 21, 2025