Description

An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 (EC2007 Kernel v5.22). The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with no explicitly configured DACL. This condition could allow an attacker to perform unauthorized raw disk operations, which could lead to system disruption (DoS) and exposure of sensitive data, and may facilitate local privilege escalation.

INFO

Published Date :

2025-12-31T00:00:00.000Z

Last Modified :

2026-01-02T17:40:32.273Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-64699 vulnerability.

Vendors Products
Sevencs
  • Ec2007 Kernel
  • Orca G2
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-64699.

URL Resource
https://gist.github.com/GunP4ng/42b19ee99e94c315173b74a9fb26c2b9 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact