CVE-2025-64699

HIGH

7.8

Beschreibung

An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 (EC2007 Kernel v5.22). The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with no explicitly configured DACL. This condition could allow an attacker to perform unauthorized raw disk operations, which could lead to system disruption (DoS) and exposure of sensitive data, and may facilitate local privilege escalation.

CVE Details

CVSS v3.1 Bewertung7.8

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorLOCAL

KomplexitatLOW

Erforderliche PrivilegienLOW

BenutzerinteraktionNONE

Veroffentlicht12/31/2025

Zuletzt geandert1/14/2026

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

sevencs:ec2007_kernelsevencs:orca_g2

Schwachen (CWE)

CWE-732

Referenzen

https://gist.github.com/GunP4ng/42b19ee99e94c315173b74a9fb26c2b9(cve@mitre.org)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.