CVE-2025-64699

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

31/12/2025

Last modified:

31/12/2025

Description

An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 (EC2007 Kernel v5.22). The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with no explicitly configured DACL. This condition could allow an attacker to perform unauthorized raw disk operations, which could lead to system disruption (DoS) and exposure of sensitive data, and may facilitate local privilege escalation.

Impact

References to Advisories, Solutions, and Tools

https://gist.github.com/GunP4ng/42b19ee99e94c315173b74a9fb26c2b9