We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-7771

Code Execution / Escalation of Privileges in ThrottleStop



Description

ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke arbitrary kernel functions with ring-0 privileges. The vulnerability enables local attackers to execute arbitrary code in kernel context, resulting in privilege escalation and potential follow-on attacks, such as disabling security software or bypassing kernel-level protections. ThrottleStop.sys version 3.0.0.0 and possibly others are affected. Apply updates per vendor instructions.

Reserved 2025-07-17 | Published 2025-08-06 | Updated 2025-08-06 | Assigner Kaspersky


HIGH: 8.7CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-782: Exposed IOCTL with Insufficient Access Control

Product status

Default status
unknown

3.0.0.0 and possibly others
affected

References

github.com/...visories/blob/master/K-TechPowerUp-2025-001.md

www.techpowerup.com/download/techpowerup-throttlestop/

securelist.com/av-killer-exploiting-throttlestop-sys/117026/

cve.org (CVE-2025-7771)

nvd.nist.gov (CVE-2025-7771)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-7771

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.