← Back

CVE-2025-67826

nvd nist
Published: Dec 22, 2025Modified: Jan 2, 2026

JSON object

Loading...
7.7
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.5 / Impact: 5.2
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in K7 Ultimate Security 17.0.2045. A Local Privilege Escalation (LPE) vulnerability in the K7 Ultimate Security antivirus can be exploited by a local unprivileged user on default installations of the product. Insecure access to a named pipe allows unprivileged users to edit any registry key, leading to a full compromise as SYSTEM.

Affected (1)

K7computing
1 product
K7 Ultimate Security
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
K7 Ultimate Security
Version 17.0.2045

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Product

Timeline

No history available yet.