7 matches found
EUVD-2025-23820
Malicious code in bioql PyPI...
Exploit for CVE-2025-7771
CVE-2025-7771 Minimal exploit to...
Exploit for CVE-2025-7771
CVE-2025-7771 – ThrottleStop.sys Privilege Escalation Vuln...
CVE-2025-7771
ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke...
Driver of destruction: How a legitimate driver is being used to take down AV processes
Introduction: In a recent incident response case in Brazil, we spotted intriguing new antivirus (AV) killer software that has been circulating in the wild since at least October 2024. This malicious artifact abuses the ThrottleStop.sys driver, delivered together with the malware, to terminate numero...
CVE-2025-7771 Code Execution / Escalation of Privileges in ThrottleStop
ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke...
PT-2025-32145
Name of the Vulnerable Software and Affected Versions: ThrottleStop versions 3.0.0.0 and possibly others; ThrottleStop.sys affected versions not specified. Description: The ThrottleStop.sys driver contains a flaw related to insecure implementation of IOCTL interfaces, specifically with the MmMapIoSpa...