Exposed IOCTL with Insufficient Access Control
CVE-2025-26125
Summary
An exposed ioctl in the IMFForceDelete driver of IObit Malware Fighter v12.1.0 allows attackers to arbitrarily delete files and escalate privileges.
- LOW
- LOCAL
- HIGH
- UNCHANGED
- REQUIRED
- LOW
- HIGH
- HIGH
CWE-782 - Exposed IOCTL with Insufficient Access Control
The software implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.
References
Advisory Timeline
- Published
