Description:
An issue was discovered in K7 Ultimate Security 17.0.2045. A Local Privilege Escalation (LPE) vulnerability in the K7 Ultimate Security antivirus can be exploited by a local unprivileged user on default installations of the product. Insecure access to a named pipe allows unprivileged users to edit any registry key, leading to a full compromise as SYSTEM.
CVE-2025-67826
List of Affected Products
K7 Ultimate Security
Fixed Versions
K7 Computing recommends that all customers update their products to the corresponding minimum versions shown below:
K7 Ultimate Security (17.0.2057 or Higher) [K7Sentry.sys v22.0.0.74 or above]
Acknowledgments
We would like to express our gratitude to Quarkslab for reporting this vulnerability with comprehensive details and working with us to evaluate the fixes.
