CVE-2025-1055

Vulnerability

Overview

The vulnerability resides in the K7RKScan.sys driver, part of the K7 Security Anti-Malware suite. The driver's IOCTL handler lacks proper access control checks, allowing a local low-privilege user to send crafted IOCTL requests that can terminate processes running with administrative or system-level privileges. This flaw is a classic example of a missing privilege validation in kernel-mode code [1].

Exploitation

Exploitation requires local access to the system as an unprivileged user. The attacker sends specially crafted IOCTL requests to the driver, which executes them in kernel context without verifying the caller's privileges. The driver does not enforce any access control, so any user can trigger the termination of arbitrary processes, except those inherently protected by the operating system (e.g., critical system processes).

Impact

Successful exploitation allows an attacker to terminate critical services or privileged applications, causing a denial of service (DoS). This can disrupt system stability, security software, or other high-integrity processes, potentially leading to further compromise or service unavailability.

Mitigation

The vulnerability was disclosed by Pentraze Cybersecurity [1]. Users should monitor for and apply any driver updates from K7 Security to remediate the issue. As of the publication date, no official patch has been announced, but restricting local access to trusted users can reduce risk.