← Back

CVE-2025-64699

nvd nist
Published: Dec 31, 2025Modified: Jan 14, 2026

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 (EC2007 Kernel v5.22). The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with no explicitly configured DACL. This condition could allow an attacker to perform unauthorized raw disk operations, which could lead to system disruption (DoS) and exposure of sensitive data, and may facilitate local privilege escalation.

Affected (2)

Sevencs
2 products
Ec2007 Kernel
Orca G2
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Ec2007 Kernel
Version 5.22
Orca G2
Version 2.0.1.35

Related CWEs

CWE-732
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (1)

Source: cve@mitre.org
ExploitThird Party Advisory

Timeline

No history available yet.