CVE-2025-1055 – K7 Security Anti-Malware IOCTL Elevation of Privilege Vulnerability

June 10, 2025

CVE ID : CVE-2025-1055

Published : June 11, 2025, 12:15 a.m. | 1 hour, 35 minutes ago

Description : A vulnerability in the K7RKScan.sys driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send crafted IOCTL requests to terminate a wide range of processes running with administrative or system-level privileges, with the exception of those inherently protected by the operating system. This flaw stems from missing access control in the driver’s IOCTL handler, enabling unprivileged users to perform privileged actions in kernel space. Successful exploitation can lead to denial of service by disrupting critical services or privileged applications.

Severity: 5.6 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-30675 – Apache CloudStack Access Control Bypass Vulnerability

Next Article CVE-2024-8270 – Apple Rocket.Chat TCC Policy Bypass and DYLIB Injection Vulnerability

Highlights

CVE-2025-2336 – AngularJS SVG Image Content Spoofing Vulnerability

June 4, 2025

CVE ID : CVE-2025-2336

Published : June 4, 2025, 5:15 p.m. | 2 hours, 21 minutes ago

Description : Improper sanitization of the value of the ‘href’ and ‘xlink:href’ attributes in ” SVG elements in AngularJS’s ‘ngSanitize’ module allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing and also negatively affect the application’s performance and behavior by using too large or slow-to-load images.

This issue affects AngularJS versions greater than or equal to 1.3.1.

Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Designing Better UX For Left-Handed People

This week in AI dev tools: Gemini 2.5 Flash-Lite, GitLab Duo Agent Platform beta, and more (July 25, 2025)

Tenable updates Vulnerability Priority Rating scoring method to flag fewer vulnerabilities as critical

Google adds updated workspace templates in Firebase Studio that leverage new Agent mode

DistroWatch Weekly, Issue 1132

I ran with the Apple Watch and Samsung Watch 8 – here’s the better AI coach

8 smart home gadgets that instantly upgraded my house (and why they work)

I tested Panasonic’s new affordable LED TV model – here’s my brutally honest buying advice

The details of TC39’s last meeting

The details of TC39’s last meeting

NativePHP Is Entering Its Next Phase

Medical Card Generator Android App Project Using SQLite

Microsoft Edge shifts to Copilot-first UI on Windows 11 as Perplexity Comet gains traction

Microsoft Edge shifts to Copilot-first UI on Windows 11 as Perplexity Comet gains traction

Is CDKeys Trustworthy? Everything You Need to Know Before Buying

Microsoft confirms Windows 11 24H2 stability issues, affecting games, tests performance fixes

CVE-2025-1055 – K7 Security Anti-Malware IOCTL Elevation of Privilege Vulnerability

SharePoint under fire: ToolShell attacks hit organizations worldwide

Rogue CAPTCHAs: Look out for phony verification pages spreading malware

CVE-2025-46252 – Contact Form 7 SQL Injection Vulnerability

We saw Sony’s 2025 Bravia TV lineup, including a flagship OLED model that blew us away

‘No aggressive monetization’ — Nexus Mods’ new ownership responds to worried members

Hey It’s Nicki Shirt

CVE-2025-2336 – AngularJS SVG Image Content Spoofing Vulnerability

10 Best AI Code Review Tools and How They Work

16 Best Free and Open Source Linux Computer Algebra Systems

CVE-2025-4313 – SourceCodester Advanced Web Store SQL Injection Vulnerability

CVE-2025-1055 – K7 Security Anti-Malware IOCTL Elevation of Privilege Vulnerability

Related Posts