CVE-2025-65264 – A vulnerability in CPUID CPU-Z's kernel driver ... (How to Fix)

Q: What is the severity of CVE-2025-65264?

CVE-2025-65264 has a CVSS score of 5.5 (MEDIUM). A vulnerability in CPUID CPU-Z's kernel driver allows attackers to read sensitive kernel memory through unvalidated IOCTL requests. This affects all users running CPU-Z version 2.17 or earlier on Windows systems. The vulnerability enables information disclosure but not code execution.

📋 TL;DR

A vulnerability in CPUID CPU-Z's kernel driver allows attackers to read sensitive kernel memory through unvalidated IOCTL requests. This affects all users running CPU-Z version 2.17 or earlier on Windows systems. The vulnerability enables information disclosure but not code execution.

💻 Affected Systems

Products:

CPUID CPU-Z

Versions: v2.17 and earlier

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Requires CPU-Z to be installed and running with its kernel driver loaded. The vulnerability is in the kernel driver component.

📦 What is this software?

Cpu Z by Cpuid

View all CVEs affecting Cpu Z →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could read kernel memory containing sensitive information like passwords, encryption keys, or system configuration data, potentially leading to privilege escalation or lateral movement.

🟠

Likely Case

Local attackers could read kernel memory to gather system information, potentially enabling further attacks or bypassing security controls.

🟢

If Mitigated

With proper access controls, only authorized users could exploit this vulnerability, limiting exposure to trusted accounts.

🌐 Internet-Facing: LOW - This requires local access to the system and cannot be exploited remotely.

🏢 Internal Only: MEDIUM - Local attackers or malware could exploit this to gather sensitive system information for privilege escalation.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit code is publicly available on GitHub. Requires local access and ability to interact with the driver interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v2.18 or later

Vendor Advisory: https://www.cpuid.com/softwares/cpu-z.html

Restart Required: No

Instructions:

1. Download CPU-Z v2.18 or later from cpuid.com. 2. Install the new version. 3. Verify the driver version has been updated.

🔧 Temporary Workarounds

Remove CPU-Z

windows

Uninstall CPU-Z to remove the vulnerable kernel driver

Control Panel > Programs > Uninstall CPU-Z

Restrict driver access

windows

Use Windows security policies to restrict access to the CPU-Z driver

🧯 If You Can't Patch

Remove CPU-Z from production systems if not essential
Implement strict access controls to limit who can run CPU-Z

🔍 How to Verify

Check if Vulnerable:

Check CPU-Z version in Help > About. If version is 2.17 or earlier, you are vulnerable.

Check Version:

cpu-z.exe --version or check Help > About in the GUI

Verify Fix Applied:

Verify CPU-Z version is 2.18 or later in Help > About.

📡 Detection & Monitoring

Log Indicators:

Unusual IOCTL requests to CPU-Z driver
Multiple failed driver access attempts

Network Indicators:

Not applicable - local vulnerability only

SIEM Query:

EventID=4656 AND ObjectName LIKE '%cpuz%' AND AccessMask=0x12019F

📊 Metadata

CVE ID: CVE-2025-65264

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-20

EPSS Score: 0.02% exploit probability (3.7th percentile)

Published: January 27, 2026

Last Updated: February 6, 2026

🔗 References

https://github.com/cwjchoi01/CVE-2025-65264 Exploit,Third Party Advisory
https://www.cpuid.com/softwares/cpu-z.html Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-65264, you might also want to check these: