CVE-2025-61155

CVE-2025-61155 has been observed exploited in the wild (reported by VulnCheck KEV), including in ransomware campaigns. EIP tracks 1 public exploit from researchers including pollotherunner.

AI-analyzed exploit summary This PoC demonstrates arbitrary process termination via a vulnerable IOCTL handler in the GameDriverX64.sys anti-cheat driver. It communicates with the driver to terminate a specified process (e.g., notepad.exe) by sending a crafted IOCTL request.

The GameDriverX64.sys kernel-mode anti-cheat driver (v7.23.4.7 and earlier) contains an access control vulnerability in one of its IOCTL handlers. A user-mode process can open a handle to the driver device and send specially crafted IOCTL requests. These requests are executed in kernel-mode context without proper authentication or access validation, allowing the attacker to terminate arbitrary processes, including critical system and security services, without requiring administrative privileges.