CVE-2025-1055 PoC — K7 Computing Security Anti-Malware suite 安全漏洞

Source

https://github.com/diego-tella/CVE-2025-1055-poc

Associated Vulnerability

Title:K7 Computing Security Anti-Malware suite 安全漏洞 (CVE-2025-1055)
Description:K7 Computing Security Anti-Malware suite是美国K7 Computing的一款防病毒软件。 K7 Computing Security Anti-Malware suite存在安全漏洞，该漏洞源于驱动IOCTL处理程序缺少访问控制，可能导致本地低权限用户终止高权限进程，造成拒绝服务。

Description

PoC for CVE-2025-1055 and CVE-2025-52915 using K7RKScan.sys

Readme

# CVE-2025-1055-poc
PoC for CVE-2025-1055 and CVE-2025-52915 using K7RKScan.sys.  This PoC use the `0x222018` IOCTL to terminate arbitrary processes.

# Usage

Installing driver:

```
sc.exe create K7RKScan_1516.sys binPath=C:\Users\Administrator\Downloads\K7RKScan_1516.sys type=kernel && sc.exe start K7RKScan_1516.sys
```

Running PoC:

```
exploit.exe
```

It will terminate the `MsMpEng.exe` process (windows defender).

# References

https://blacksnufkin.github.io/posts/BYOVD-CVE-2025-52915/

File Snapshot


 [4.0K]  /data/pocs/7f573457ce10dd3d8d048acf7b045da0a4060bb9
├── [1.6K]  exploit.c
├── [ 27K]  K7RKScan_1516.sys
├── [ 55K]  K7RKScan_2310.sys
└── [ 499]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!