ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke arbitrary kernel functions with ring-0 privileges. The vulnerability enables local attackers to execute arbitrary code in kernel context, resulting in privilege escalation and potential follow-on attacks, such as disabling security software or bypassing kernel-level protections. ThrottleStop.sys version 3.0.0.0 and possibly others are affected. Apply updates per vendor instructions.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 07 Aug 2025 07:15:00 +0000

Type Values Removed Values Added
First Time appeared Techpowerup
Techpowerup throttlestop
Vendors & Products Techpowerup
Techpowerup throttlestop

Wed, 06 Aug 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 06 Aug 2025 09:45:00 +0000

Type Values Removed Values Added
Description ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke arbitrary kernel functions with ring-0 privileges. The vulnerability enables local attackers to execute arbitrary code in kernel context, resulting in privilege escalation and potential follow-on attacks, such as disabling security software or bypassing kernel-level protections. ThrottleStop.sys version 3.0.0.0 and possibly others are affected. Apply updates per vendor instructions.
Title Code Execution / Escalation of Privileges in ThrottleStop
Weaknesses CWE-782
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Kaspersky

Published:

Updated: 2025-08-06T20:25:31.602Z

Reserved: 2025-07-17T15:54:18.122Z

Link: CVE-2025-7771

cve-icon Vulnrichment

Updated: 2025-08-06T20:25:27.017Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-06T10:15:35.597

Modified: 2025-08-06T20:23:37.600

Link: CVE-2025-7771

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-06T15:12:33Z