CVE-2025-1055
K7RKScan.sys — elevation of privilege in K7 Computing antivirus driver
Summary
| Field | Value |
|---|---|
| Driver | K7RKScan.sys (K7 Computing) |
| Vulnerability Class | Elevation of Privilege |
| Exploited ITW | No |
| Vendor | K7 Computing |
Root Cause
The K7 Computing antivirus rootkit scanner driver exposes IOCTL handlers with no access control. A local attacker can open the device and send IOCTLs that manipulate kernel state. Related to CVE-2025-52915, another K7RKScan.sys vulnerability.
Exploitation
The attacker opens the K7RKScan device and sends crafted IOCTLs to escalate privileges or terminate processes.
Exploitation Primitive
Open device handle → crafted IOCTL
→ kernel state manipulation → privilege escalation