CVE-2025-7771

06.08.2025, 10:15

ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke arbitrary kernel functions with ring-0 privileges. The vulnerability enables local attackers to execute arbitrary code in kernel context, resulting in privilege escalation and potential follow-on attacks, such as disabling security software or bypassing kernel-level protections.ThrottleStop.sys version 3.0.0.0 and possibly others are affected. Apply updates per vendor instructions.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Kaspersky	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-782 - Exposed IOCTL with Insufficient Access Control
The software implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.

References

https://github.com/klsecservices/Advisories/blob/master/K-TechPowerUp-2025-001.md

https://securelist.com/av-killer-exploiting-throttlestop-sys/117026/

https://www.techpowerup.com/download/techpowerup-throttlestop/