CVE-2025-64699

HIGH

7.8

Descripcion

An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 (EC2007 Kernel v5.22). The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with no explicitly configured DACL. This condition could allow an attacker to perform unauthorized raw disk operations, which could lead to system disruption (DoS) and exposure of sensitive data, and may facilitate local privilege escalation.

Detalles CVE

Puntuacion CVSS v3.17.8

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueLOCAL

ComplejidadLOW

Privilegios requeridosLOW

Interaccion usuarioNONE

Publicado12/31/2025

Ultima modificacion1/14/2026

Fuentenvd

Avistamientos honeypot0

Productos afectados

sevencs:ec2007_kernelsevencs:orca_g2

Debilidades (CWE)

CWE-732

Referencias

https://gist.github.com/GunP4ng/42b19ee99e94c315173b74a9fb26c2b9(cve@mitre.org)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.