CVE-2025-7771
Tags: HIGH, EXPLOITED, RANSOMWARE
ThrottleStop.sys - Privilege Escalation
Title source: LLM

Exploitation Summary
CVE-2025-7771 has been observed exploited in the wild (reported by VulnCheck KEV), including in ransomware campaigns. EIP tracks 15 public exploits from researchers including Xavi Beltran, DeathShotXD, Yuri08loveElaina.
AI-analyzed exploit summary:
This exploit leverages a kernel out-of-bounds write vulnerability in the ThrottleStop driver to achieve privilege escalation by disabling protections on the LSASS process and injecting a malicious DLL. It demonstrates full exploit chain functionality, including driver installation, memory manipulation, and process protection bypass.
Description
ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke arbitrary kernel functions with ring-0 privileges. The vulnerability enables local attackers to execute arbitrary code in kernel context, resulting in privilege escalation and potential follow-on attacks, such as disabling security software or bypassing kernel-level protections. ThrottleStop.sys version 3.0.0.0 and possibly others are affected. Apply updates per vendor instructions.
Exploits (15)
This exploit leverages a kernel out-of-bounds write vulnerability in the Throttlestop driver to achieve privilege escalation by disabling protections on the LSASS process and injecting a malicious DLL. It demonstrates full exploit chain functionality, including driver installation, memory manipulation, and process protection bypass.
The repository contains a functional exploit PoC for CVE-2025-7771, targeting the ThrottleStop.sys driver to terminate arbitrary processes via a vulnerable IOCTL. The PoC includes detailed technical analysis and a working C-based exploit.
This repository provides a detailed technical analysis of BYOVD (Bring-Your-Own-Vulnerable-Driver) techniques, focusing on CVE-2026-0828 and CVE-2025-7771. It includes research notes, mitigation strategies, and safe reconnaissance code but does not contain functional exploit code.
The repository contains a functional exploit for CVE-2025-7771, a privilege escalation vulnerability in ThrottleStop.sys due to exposed IOCTLs allowing arbitrary kernel memory read/write. The exploit leverages DeviceIoControl to patch kernel structures and escalate privileges.
This repository contains a functional exploit PoC for CVE-2025-7771, demonstrating arbitrary physical memory and I/O port read/write via the ThrottleStop driver. The exploit leverages vulnerable IOCTLs to perform these operations and includes code for virtual-to-physical address translation.
The repository contains a functional exploit for CVE-2025-7771, demonstrating arbitrary physical memory read/write via a vulnerable driver (ThrottleStop.sys). It includes code for virtual-to-physical address translation and driver interaction to manipulate kernel memory.
This repository contains a functional exploit for CVE-2025-7771, which abuses the ThrottleStop driver to invoke arbitrary kernel-mode functions from usermode. The exploit demonstrates calling the kernel function 'DbgPrint' as a proof of concept.
This repository contains a functional exploit PoC for CVE-2025-7771, targeting the ThrottleStop.sys driver to achieve arbitrary physical memory read/write and virtual-to-physical address translation. The exploit leverages Superfetch for address translation and provides commands for process protection/hiding.
This repository contains a functional proof-of-concept exploit for CVE-2025-7771, demonstrating local privilege escalation via unrestricted IOCTL interfaces in ThrottleStop.sys. The exploit leverages physical memory read/write operations to achieve arbitrary code execution in kernel context.
This repository contains a functional proof-of-concept exploit for CVE-2025-7771, leveraging arbitrary physical memory read/write capabilities in the ThrottleStop driver to manipulate Protected Process Light (PPL) protection levels on Windows Server 2022.
The repository contains a scanner for CVE-2024-21762, a Fortinet SSL VPN vulnerability, which checks for the presence of the vulnerability by sending crafted HTTP requests. It also includes writeups for other CVEs like CVE-2024-10654, detailing authentication bypass vulnerabilities in TOTOLINK devices.
This repository contains a functional Rust-based exploit for CVE-2025-7771, leveraging a vulnerable driver binary embedded as a static array to achieve arbitrary read/write primitives. The exploit includes components for driver interaction, service management, and memory manipulation, indicating a local privilege escalation (LPE) attack.
This repository provides a detailed technical analysis of CVE-2025-7771, a vulnerability in ThrottleStop.sys that allows arbitrary physical memory read/write via exposed IOCTLs. The writeup includes root cause analysis, exploitation chain, and HVCI bypass mechanisms.
This repository contains a functional exploit for CVE-2025-7771, which leverages arbitrary physical memory read/write via ThrottleStop.sys IOCTL handlers to escalate privileges by stealing the SYSTEM token. The exploit uses Superfetch to build a virtual-to-physical memory map and targets Windows 10/11 x64 systems.
This repository contains a functional exploit PoC for CVE-2025-7771, demonstrating arbitrary physical memory and I/O port read/write via the ThrottleStop driver. The exploit leverages vulnerable IOCTLs to achieve these operations and includes code for virtual-to-physical address translation.
References (3)
Scores
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H