CVE-2025-65264 in CPU-Z
Summary
by MITRE • 01/27/2026
The kernel driver of CPUID CPU-Z v2.17 and earlier does not validate user-supplied values passed via its IOCTL interface, allowing an attacker to access sensitive information via a crafted request.
Analysis
by VulDB Data Team • 01/27/2026
The vulnerability identified as CVE-2025-65264 resides within the kernel driver component of CPUID CPU-Z version 2.17 and earlier releases, representing a critical security flaw that undermines the integrity of the system's privileged execution environment. This issue manifests through the driver's insufficient validation of user-supplied parameters when processing IOCTL (Input/Output Control) requests, creating an avenue for malicious exploitation that could compromise system security and confidentiality. The flaw directly impacts the driver's ability to enforce proper input sanitization, allowing attackers to craft specially designed IOCTL requests that bypass normal security boundaries.
The technical implementation of this vulnerability stems from inadequate parameter validation within the kernel driver's IOCTL handling mechanism, which operates under the assumption that all incoming requests originate from trusted sources. This design flaw enables attackers to manipulate input parameters in ways that could expose sensitive system information through controlled access to the driver's memory space. The vulnerability specifically affects the driver's IOCTL interface where user-mode applications communicate with kernel-mode components, creating a direct pathway for information disclosure attacks. According to CWE classification, this represents a variant of CWE-129 Input Validation, specifically manifesting as insufficient validation of input parameters in kernel-mode drivers, which falls under the broader category of privilege escalation vulnerabilities.
The operational impact of this vulnerability extends beyond simple information disclosure, as it provides attackers with potential access to sensitive system data that could include hardware configuration details, memory addresses, or other confidential information that could be leveraged for further exploitation. Attackers could potentially use this vulnerability to gather system intelligence that would aid in planning more sophisticated attacks, including those targeting other system components or attempting to escalate privileges within the operating system. The vulnerability's exploitation requires minimal privileges since it operates through the standard IOCTL interface that applications typically use to communicate with kernel drivers, making it particularly dangerous as it can be triggered by any user-level process that has access to the driver.
Mitigation strategies for CVE-2025-65264 should prioritize immediate patching of affected CPU-Z versions to ensure that proper input validation is implemented within the kernel driver's IOCTL handling code. System administrators should also consider implementing runtime monitoring to detect suspicious IOCTL activity patterns that could indicate exploitation attempts. The vulnerability aligns with several ATT&CK techniques including T1059 Command and Scripting Interpreter and T1068 Exploitation for Privilege Escalation, as it provides a mechanism for attackers to gain unauthorized access to system resources. Organizations should also review their patch management processes to ensure timely deployment of security updates and consider implementing application whitelisting policies to prevent execution of unauthorized kernel drivers. Additionally, the vulnerability underscores the importance of proper kernel driver security practices and the necessity of rigorous input validation in all system components that operate at elevated privilege levels, particularly those that interface directly with hardware or system memory.
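The kind of parameter validation the analysis says is missing from the IOCTL handler, shown as an added example; it is not CPUID's code and not part of the original advisory. The request layout, status codes and table are hypothetical, because the advisory does not describe the driver's IOCTL codes or structures, and the handler is modelled as a portable C function so it can be run outside a kernel.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TABLE_ENTRIES 16u

/* Hypothetical request layout, not CPU-Z's real IOCTL structure. */
typedef struct {
    uint32_t index;   /* first table entry requested by the caller */
    uint32_t count;   /* number of entries requested */
} read_req_t;

enum { ST_OK, ST_BAD_INPUT_SIZE, ST_BAD_RANGE, ST_OUTPUT_TOO_SMALL };

static uint32_t g_table[TABLE_ENTRIES];   /* stands in for driver-owned data */

/* Models an IOCTL handler body: every caller-controlled value is checked
   before any driver memory is read. */
int handle_read_request(const void *in, size_t in_len,
                        void *out, size_t out_len, size_t *written)
{
    read_req_t req;
    size_t need;

    *written = 0;
    if (in == NULL || in_len != sizeof req)      /* exact request size only */
        return ST_BAD_INPUT_SIZE;
    memcpy(&req, in, sizeof req);                /* snapshot: check and use same values */
    /* Subtract instead of add so index + count cannot wrap past the bound. */
    if (req.count == 0 || req.index >= TABLE_ENTRIES ||
        req.count > TABLE_ENTRIES - req.index)
        return ST_BAD_RANGE;
    need = (size_t)req.count * sizeof g_table[0];
    if (out == NULL || out_len < need)           /* reply must fit caller's buffer */
        return ST_OUTPUT_TOO_SMALL;
    memcpy(out, &g_table[req.index], need);
    *written = need;
    return ST_OK;
}

int main(void)
{
    read_req_t wrap = { 15u, 0xFFFFFFFFu };      /* constructed: 15 + count wraps to 14 */
    uint32_t out[TABLE_ENTRIES];
    size_t n;
    printf("status=%d\n", handle_read_request(&wrap, sizeof wrap, out, sizeof out, &n));
    return 0;
}
```

A check written as `index + count <= TABLE_ENTRIES` would accept the constructed request in `main`, because the 32-bit sum wraps; the subtraction form rejects it.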