Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-7771
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Code Execution / Escalation of Privileges in ThrottleStop
Source: NVD (National Vulnerability Database)
Vulnerability Description
ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke arbitrary kernel functions with ring-0 privileges. The vulnerability enables local attackers to execute arbitrary code in kernel context, resulting in privilege escalation and potential follow-on attacks, such as disabling security software or bypassing kernel-level protections. ThrottleStop.sys version 3.0.0.0 and possibly others are affected. Apply updates per vendor instructions.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
无充分访问控制条件下暴露IOCTL
Source: NVD (National Vulnerability Database)
Vulnerability Title
TechPowerUp ThrottleStop 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
TechPowerUp ThrottleStop是TechPowerUp公司的一款用于监控和调整CPU性能的软件。 TechPowerUp ThrottleStop 3.0.0.0版本存在安全漏洞,该漏洞源于允许物理内存读写,可能导致权限提升。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
TechPowerUpThrottleStop 3.0.0.0 and possibly others -
II. Public POCs for CVE-2025-7771
#POC DescriptionSource LinkShenlong Link
1ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke arbitrary kernel functions with ring-0 privileges.https://github.com/Yuri08loveElaina/CVE-2025-7771POC Details
2CVE-2025-7771: Arbitrary physical memory and I/O port read/write via ThrottleStop driverhttps://github.com/U65535F/ThrottleStopPoCPOC Details
3CVE-2025-7771 ThrottleStop.sys privilege escalation exploit - unrestricted IOCTL access to physical memory via MmMapIoSpacehttps://github.com/Demoo1337/ThrottleStopPOC Details
4CVE-2025-7771: Arbitrary physical memory and I/O port read/write via ThrottleStop driverhttps://github.com/fxrstor/ThrottleStopPoCPOC Details
5A exploit for the ThrottleStop driver.https://github.com/Gabriel-Lacorte/CVE-2025-7771POC Details
6Arbitrary physical memory read/write exploitation using ThrottleStop.sys (CVE-2025-7771) with superfetch address translation - Windows kernel security researchhttps://github.com/AmrHuss/throttlestop-exploit-rwPOC Details
7Poc for CVE-2025-7771 to modify PPL Protectionhttps://github.com/v31l0x1/ThrottleStopPPLPOC Details
8A simple PoC demonstrating the vulnerability in the ThrottleStop.sys driver, showcasing arbitrary physical memory read and write capabilities, as well as virtual-to-physical address translation using Superfetch.https://github.com/xM0kht4r/CVE-2025-7771POC Details
9This Poc demonstrate Arbitrary read/write primitives provided by CVE-2025-7771https://github.com/lzty/CVE-2025-7771POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2025-7771
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same vendor: TechPowerUp
Same weakness: CWE-782
V. Comments for CVE-2025-7771

No comments yet

Leave a comment