Privilege Escalation Vulnerability in ThrottleStop Driver by TechPowerUp
CVE-2025-7771
Key Information:
- Vendor: TechPowerUp
- CVE Published: 6 August 2025
What is CVE-2025-7771?
CVE-2025-7771 is a privilege escalation vulnerability in the ThrottleStop driver developed by TechPowerUp. The driver is designed to help users manage CPU throttling and power settings on Windows systems. The vulnerability arises from two exposed IOCTL (Input/Output Control) interfaces that permit unauthorized read and write access to physical memory through the MmMapIoSpace function. This flawed implementation lets malicious user-mode applications manipulate the running Windows kernel and execute arbitrary code with kernel-level privileges. The ability to patch the kernel and invoke kernel functions can have severe consequences, such as bypassing security controls and carrying out further malicious actions on the system.
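The root cause described above is a driver that maps whatever physical range the caller asks for. As an added example (not TechPowerUp's code or fix; the struct, the function names and the address windows are hypothetical and constructed), this C code shows the default-deny range check an IOCTL handler would need to pass before calling MmMapIoSpace:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical description of one MMIO window the device legitimately owns. */
typedef struct {
    uint64_t base;
    uint64_t length;
} mmio_window;

/* Constructed sample allowlist. A real driver would build this from the
   hardware resources assigned to its device, never from caller input. */
static const mmio_window SAMPLE_WINDOWS[] = {
    { 0xD0000000ULL, 0x10000ULL },
    { 0xD0100000ULL, 0x1000ULL },
};
#define SAMPLE_WINDOW_COUNT (sizeof(SAMPLE_WINDOWS) / sizeof(SAMPLE_WINDOWS[0]))

/* Returns true only if [phys, phys + len) lies entirely inside one window. */
bool phys_range_allowed(uint64_t phys, uint64_t len,
                        const mmio_window *win, size_t count)
{
    if (len == 0)
        return false;                    /* nothing to map */
    if (phys > UINT64_MAX - len)
        return false;                    /* phys + len would wrap around */
    for (size_t i = 0; i < count; i++) {
        if (win[i].length == 0 || win[i].base > UINT64_MAX - win[i].length)
            continue;                    /* skip a malformed window */
        if (phys >= win[i].base &&
            phys + len <= win[i].base + win[i].length)
            return true;                 /* fully contained in this window */
    }
    return false;                        /* default deny: RAM, kernel image, ... */
}

/* Convenience wrapper over the constructed sample allowlist. */
bool sample_request_allowed(uint64_t phys, uint64_t len)
{
    return phys_range_allowed(phys, len, SAMPLE_WINDOWS, SAMPLE_WINDOW_COUNT);
}
```

The check rejects ranges that start inside a window but run past its end, as well as lengths chosen to overflow the end-address calculation.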
Potential Impact of CVE-2025-7771
- Privilege Escalation: The vulnerability allows local attackers to escalate their privileges to kernel level, enabling them to execute arbitrary code that can entirely compromise the system’s integrity.
- Bypassing Security Mechanisms: Attackers can disable security software or circumvent kernel-level protections, significantly diminishing the effectiveness of existing security measures and leaving the system vulnerable to subsequent attacks.
- Increased Risk of Compromise: With access to kernel functions, attackers can initiate follow-on attacks that may facilitate full system control, data breaches, and other malicious activities, thereby posing a substantial threat to organizational security.
Affected Version(s)
ThrottleStop 3.0.0.0 and possibly others
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
