7.8

CVE-2025-64699

Exploit

EPSS 0.02%
Veröffentlicht 31.12.2025 00:00:00
Zuletzt bearbeitet 14.01.2026 20:33:11
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 (EC2007 Kernel v5.22). The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with no explicitly configured DACL. This condition could allow an attacker to perform unauthorized raw disk operations, which could lead to system disruption (DoS) and exposure of sensitive data, and may facilitate local privilege escalation.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sevencs ≫ Ec2007 Kernel Version5.22

Sevencs ≫ Orca G2 Version2.0.1.35

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.026

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

https://gist.github.com/GunP4ng/42b19ee99e94c315173b74a9fb26c2b9

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-64699

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-64699

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-64699

EUVD