VulnCheck KEV: CVE-2025-68947

NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authenticated attacker to terminate processes owned by other users, including SYSTEM and Protected Processes by issuing crafted IOCTL requests to the driver...

CVE-2025-68947

NSecsoft NSecKrnl is a Windows driver that permits a local, authenticated attacker to terminate processes owned by other users (including SYSTEM and Protected Processes) by sending crafted IOCTL requests. Multiple sources (including Reynolds ransomware and CVE records) describe this as a BYOVD an...

NSecsoft NSecKrnl 安全漏洞

NSecsoft NSecKrnl is the underlying core module of a terminal protection software from China Anzai NSecsoft. A security vulnerability exists in NSecsoft NSecKrnl, which originates from a local attacker being able to terminate another user's process via a specially crafted IOCTL request...

PT-2026-2558

Name of the Vulnerable Software and Affected Versions NSecsoft NSecKrnl versions prior to January 2026 Description The NSecKrnl Windows driver contains a flaw that allows a local, authenticated attacker to terminate processes owned by other users, including SYSTEM and Protected Processes. This is...

NSecKrnl driver terminates system processes with crafted IOCTL requests

RISK EVALUATION NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authenticated attacker to terminate processes owned by other users, including SYSTEM and Protected Processes by issuing crafted IOCTL requests to the driver. 2. RECOMMENDED PRACTICES Enable the Windows Vulnerable Driver...