CVE-2025-70795
published 2026-04-17
CVE-2025-70795: STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that…
Priority: P2 · 79 · medium · 5.5 · CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 0.20% (10.3th percentile)
STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's IOCTL handler, enabling unauthorized processes to perform those actions in kernel space. Successful exploitation can lead to denial of service by disrupting critical third-party services or applications. Unauthorized processes load the driver and send a crafted IOCTL request (0xB822200C) to terminate processes protected by a third-party implementation. This action exploits insufficient caller validation in the driver's IOCTL handler, allowing unauthorized processes to perform termination operations in kernel space. Successful exploitation can lead to denial of service by disrupting critical third-party services or applications.
GHSA
GHSA-42p2-73mx-2pch: STProcessMonitor 11
ghsa_unreviewed·2026-04-17
CVE-2025-70795 [MEDIUM] CWE-269 GHSA-42p2-73mx-2pch: STProcessMonitor 11
STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's IOCTL handler, enabling unauthorized processes to perform those actions in kernel space. Successful exploitation can lead to denial of service by disrupting critical third-party services or applications. Unauthorized processes load the driver and send a crafted IOCTL request (0xB822200C) to terminate processes protected by a third-party implementation. This action exploits insufficient caller validation in the driver's IOCTL handler, allowing unauthorized processes to perform termination operations in kernel space. Suc
VulDB
STProcessMonitor up to 11.11.4.0 IOCTL denial of service (ID 268)
vuldb·2026-04-17·CVSS 5.5
CVE-2025-70795 [MEDIUM] STProcessMonitor up to 11.11.4.0 IOCTL denial of service (ID 268)
A vulnerability classified as problematic was found in STProcessMonitor up to 11.11.4.0. The affected element is an unknown function of the component IOCTL Handler. Executing a manipulation can lead to denial of service.
This vulnerability appears as CVE-2025-70795. The attacker needs to be present on the local network. There is no available exploit.
It is best practice to apply a patch to resolve this issue.
VulnCheck
Safetica Kernel Driver Privileged Termination Vulnerability
vulncheck·2025
CVE-2025-70795 Safetica Kernel Driver Privileged Termination Vulnerability
STProcessMonitor Driver contains an insecure IOCTL vulnerability that allows local attackers to terminate arbitrary kernel processes by bypassing validation. Attackers can exploit the exposed process termination functionality to disable security products and gain control of the affected system.
Affected: Safetica STProcessMonitor.sys
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://bbs.kafan.cn/thread-2288675-1-1.html; https://xcancel.com/anylink20240604/status/2022651540125958408#m
Exploit PoC: https://vulncheck.com/xdb/8761250f3830
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bbs.kafan.cn/thread-2287429-1-1.html
https://bbs.kafan.cn/thread-2287429-2-1.html
https://github.com/magicsword-io/LOLDrivers/commit/eea8326bf891d810902203e9ac5cfdeaf5a17a1c
https://github.com/magicsword-io/LOLDrivers/issues/268
https://www.virustotal.com/gui/file/70bcec00c215fe52779700f74e9bd669ff836f594df92381cbfb7ee0568e7a8b
https://www.virustotal.com/gui/file/9ace6a1e4bee5834be38b4c2fd26780d1fcc18ea9d58224e31d6382c19e53296
https://www.virustotal.com/gui/file/fc3588482f596a067b65d5d64d21fe62463b38a138fc87d8d2350efa86d34284
Published: 2026-04-17
Exploited in the wild