Insufficient Caller Validation in Safetica Application Suite's STProcessMonitor
CVE-2025-70795

5.5MEDIUM

Key Information:

Vendor: Safetica
Status: STProcessMonitor
Vendor: CVE Published:; 17 April 2026

What is CVE-2025-70795?

The STProcessMonitor component of Safetica's Application Suite introduces a vulnerability due to inadequate caller validation within its IOCTL handler. An admin-privileged user can exploit this vulnerability by sending tailored IOCTL requests intended to terminate processes that are otherwise protected by third-party implementations. This exploitation allows unauthorized processes to gain control over sensitive termination operations in kernel space. As a result, critical third-party services or applications may experience disruptions, potentially leading to denial of service scenarios.

References

https://bbs.kafan.cn/thread-2287429-1-1.html

https://bbs.kafan.cn/thread-2287429-2-1.html

https://www.virustotal.com/gui/file/70bcec00c215fe5277970...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2026
Vulnerability Reserved
Jan 9, 2026

CVE-2025-70795 Data

JSON