
CVE-2025-7771

UNKNOWN
Published 2025-08-06T09:35:00.684Z


No CVSS data available

Description

ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke arbitrary kernel functions with ring-0 privileges. The vulnerability enables local attackers to execute arbitrary code in kernel context, resulting in privilege escalation and potential follow-on attacks, such as disabling security software or bypassing kernel-level protections. ThrottleStop.sys version 3.0.0.0 and possibly others are affected. Apply updates per vendor instructions.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

EU Vulnerability Database

Monitored by ENISA for EU cybersecurity

EU Coordination

EU Coordinated

Exploitation Status

No Known Exploitation


Affected Products (ENISA)

techpowerup
throttlestop

ENISA Scoring

CVSS Score (4.0)

8.7/10
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS Score

0.020
probability

Data provided by ENISA EU Vulnerability Database. Last updated: August 6, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-f8p7-vvxp-hcxv


CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Advisory provided by GitHub Security Advisory Database. Published: August 6, 2025, Modified: August 6, 2025

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

2 posts
Reddit 1 week, 6 days ago
crstux
Exploit

🔥 Top 10 Trending CVEs (10/08/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-8088](https://nvd.nist.gov/vuln/detail/CVE-2025-8088)** - 📝 A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the …

High Risk
Reddit 2 weeks, 2 days ago
technadu

🚨 New Malware Exploits ThrottleStop.sys to Kill All Major AV Solutions A new strain of malware dubbed **AV Killer** is exploiting CVE-2025-7771 in the legitimate *ThrottleStop.sys* driver (by TechPowerUp) to **bypass antivirus protections across the board**. 💥 BYOVD attack allows: * Kernel-level access via I/O control code abuse * Killing …

References

Published: 2025-08-06T09:35:00.684Z
Last Modified: 2025-08-06T20:25:31.602Z