CVE-2025-8061

This repository contains a functional exploit PoC for CVE-2025-8061, targeting the Lenovo LnvMSRIO.sys driver (version 3.1.0.36) to achieve local privilege escalation (LPE) by leveraging arbitrary read/write primitives to bypass SMEP and execute token-stealing shellcode. The exploit includes detailed technical notes on offset adjustments, ASLR bypass techniques, and shellcode modifications for different Windows versions.

This repository provides a detailed technical analysis of CVE-2025-8061, a vulnerability in the Lenovo MSR I/O Driver (LnvMSRIO.sys) that allows arbitrary physical memory read/write operations. It includes IOCTL details, input structures, and exploitation techniques using Superfetch for VA-to-PA translation.

This repository contains a functional proof-of-concept exploit for CVE-2025-8061, targeting the Lenovo Dispatcher driver (LnvMSRIO.sys). The exploit leverages read/write primitives to steal the system token from ntoskrnl.exe by translating virtual to physical addresses using Superfetch/PFN and overwriting the NtAddAtom function with shellcode.

The repository contains functional exploit code for multiple CVEs, including authentication bypass vulnerabilities in TOTOLINK devices and a scanner for Fortinet SSL VPN (CVE-2024-21762). The PoCs demonstrate the vulnerabilities with clear technical details and functional code.