CVE-2025-61155
📋 TL;DR
CVE-2025-61155 is an access control vulnerability in the GameDriverX64.sys anti-cheat driver. It allows user-mode processes to send specially crafted IOCTL requests that terminate arbitrary processes without administrative privileges. Systems running driver version 7.23.4.7 or earlier are affected. Attackers can exploit this to disrupt system stability and security by terminating critical services.
💻 Affected Systems
- GameDriverX64.sys anti-cheat driver
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through termination of security services, followed by privilege escalation or installation of persistent malware.
Likely Case
Disruption of gaming services, anti-cheat protection bypass, and potential system instability from terminated processes.
If Mitigated
Limited impact with proper access controls and monitoring, potentially only affecting non-critical processes.
🎯 Exploit Status
Exploitation requires user-mode access to craft and send IOCTL requests; no public proof-of-concept available as of analysis.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v7.23.4.8 or later
Vendor Advisory: https://www.hotta.com.tw
Restart Required: No
Instructions:
1. Check current driver version.
2. Update to v7.23.4.8 or later via game client or vendor update.
3. Verify the update applied successfully.
🔧 Temporary Workarounds
Restrict driver access
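Windows: Modify permissions on the driver device to prevent unauthorized user-mode access. The command below sets a deny ACE on the driver file on disk; it does not change the security descriptor of the device object that receives the IOCTL requests.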
icacls "C:\Windows\System32\drivers\GameDriverX64.sys" /deny Users:(R)
🧯 If You Can't Patch
- Disable or uninstall the anti-cheat driver if not essential.
- Implement application whitelisting to block execution of exploit tools.
🔍 How to Verify
Check if Vulnerable:
Check the driver version in Device Manager or via the 'driverquery' command; if the version is 7.23.4.7 or earlier, the system is vulnerable.
Check Version:
driverquery | findstr GameDriverX64
Verify Fix Applied:
Confirm the driver version is 7.23.4.8 or later and test that IOCTL access attempts are blocked.
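Added example (not from the vendor or the original page): a PowerShell check that reads the version from the driver file's version resource, which default 'driverquery' output does not list, and compares it with the fixed version 7.23.4.8. It assumes the driver file is named GameDriverX64.sys as above and is either registered as a kernel driver service or present in the default drivers directory.

```powershell
# Added example; the file name and fixed version are the ones given in the advisory.
$DriverFile   = 'GameDriverX64.sys'
$FixedVersion = [version]'7.23.4.8'

function Get-DriverFileVersion {
    param([Parameter(Mandatory)][string]$Path)
    # Use the numeric fields: the FileVersion string is free-form text.
    # A file with no version resource yields 0.0.0.0 and is reported as vulnerable.
    $vi = (Get-Item -LiteralPath $Path -ErrorAction Stop).VersionInfo
    [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
}

# Kernel driver services whose image path ends in the affected file name.
$services = @(Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like "*\$DriverFile" })

# Candidate files: each registered image path (NT "\??\" prefix stripped)
# plus the default drivers directory, in case the service is not registered.
$paths = @($services | ForEach-Object { $_.PathName -replace '^\\\?\?\\', '' })
$paths += Join-Path $env:SystemRoot "System32\drivers\$DriverFile"
$paths = @($paths | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Sort-Object -Unique)

if ($paths.Count -eq 0) {
    Write-Output "$DriverFile not found on this host"
} else {
    foreach ($p in $paths) {
        $svc = $services | Where-Object {
            $_.PathName.EndsWith($p, [StringComparison]::OrdinalIgnoreCase)
        } | Select-Object -First 1
        $v = Get-DriverFileVersion -Path $p
        [pscustomobject]@{
            Path       = $p
            Version    = $v
            State      = if ($svc) { $svc.State } else { 'not registered' }
            Vulnerable = ($v -lt $FixedVersion)
        }
    }
}
```

A row with Vulnerable = True and State = Running means the affected build is currently loaded; a copy that is on disk but not registered as a driver service still needs updating or removal.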
📡 Detection & Monitoring
Log Indicators:
- Event logs showing process termination by non-admin users
- Driver access attempts in security logs
Network Indicators:
- None; this is a local exploit
SIEM Query:
EventID=4688 AND ProcessName LIKE '%exploit_tool%' AND TargetProcess IN ('lsass.exe', 'svchost.exe')