cvedb.io
CVE-2025-64699
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2025-12-31T16:15:48.110 · Last modified 2026-06-17T09:55:03.540

Summary

An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 (EC2007 Kernel v5.22). The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with no explicitly configured DACL. This condition could allow an attacker to perform unauthorized raw disk operations, which could lead to system disruption (DoS) and exposure of sensitive data, and may facilitate local privilege escalation.

Affected products

sevencs — ec2007_kernel

Does this affect you?

Add your gear to cvedb and we'll alert you only when sevencs ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.