CWE-782
AllowedExposed IOCTL with Insufficient Access Control
Abstraction: Variant · Status: Draft
The product implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.
50 vulnerabilities reference this CWE, most recent first.
GHSA-GQ25-2CXW-WFMP
Vulnerability from github – Published: 2026-02-10 18:30 – Updated: 2026-02-10 18:30Exposed ioctl with insufficient access control in the firmware for some Intel(R) Ethernet Connection E825-C. before version NVM ver. 3.84 within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a high complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
{
"affected": [],
"aliases": [
"CVE-2025-27535"
],
"database_specific": {
"cwe_ids": [
"CWE-782"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-10T17:16:14Z",
"severity": "MODERATE"
},
"details": "Exposed ioctl with insufficient access control in the firmware for some Intel(R) Ethernet Connection E825-C. before version NVM ver. 3.84 within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a high complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.",
"id": "GHSA-gq25-2cxw-wfmp",
"modified": "2026-02-10T18:30:39Z",
"published": "2026-02-10T18:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27535"
},
{
"type": "WEB",
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01171.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-H3XP-FGM5-94VX
Vulnerability from github – Published: 2024-05-07 15:30 – Updated: 2024-07-03 18:39An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php component.
{
"affected": [],
"aliases": [
"CVE-2024-32370"
],
"database_specific": {
"cwe_ids": [
"CWE-782"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-07T15:15:08Z",
"severity": "CRITICAL"
},
"details": "An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php component.",
"id": "GHSA-h3xp-fgm5-94vx",
"modified": "2024-07-03T18:39:22Z",
"published": "2024-05-07T15:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32370"
},
{
"type": "WEB",
"url": "https://cwe.mitre.org/data/definitions/639.html"
},
{
"type": "WEB",
"url": "https://github.com/chucrutis/CVE-2024-32370"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J48R-9CXH-CCPX
Vulnerability from github – Published: 2025-11-18 18:32 – Updated: 2025-11-18 18:32An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an authenticated local user to execute unauthorized code via fortips driver. Success of the attack would require bypassing the Windows memory protections such as Heap integrity and HSP. In addition, it requires a valid and running VPN IPSec connection.
{
"affected": [],
"aliases": [
"CVE-2025-47761"
],
"database_specific": {
"cwe_ids": [
"CWE-782"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-18T17:16:02Z",
"severity": "HIGH"
},
"details": "An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an authenticated local user to execute unauthorized code via fortips driver. Success of the attack would require bypassing the Windows memory protections such as Heap integrity and HSP. In addition, it requires a valid and running VPN IPSec connection.",
"id": "GHSA-j48r-9cxh-ccpx",
"modified": "2025-11-18T18:32:53Z",
"published": "2025-11-18T18:32:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47761"
},
{
"type": "WEB",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-112"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JV52-Q48W-CM7J
Vulnerability from github – Published: 2026-06-17 18:35 – Updated: 2026-06-17 18:35Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all anti-tampering protections for the NSClient.Affected Product(s) and Version(s) * Product Name: Netskope Client * Affected Platform: Windows * Affected Version: All version below R138
{
"affected": [],
"aliases": [
"CVE-2025-15641"
],
"database_specific": {
"cwe_ids": [
"CWE-782"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-17T13:19:13Z",
"severity": "MODERATE"
},
"details": "Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all anti-tampering protections for the NSClient.Affected Product(s) and Version(s)\n * Product Name: Netskope Client\n * Affected Platform: Windows\n * Affected Version: All version below R138",
"id": "GHSA-jv52-q48w-cm7j",
"modified": "2026-06-17T18:35:42Z",
"published": "2026-06-17T18:35:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15641"
},
{
"type": "WEB",
"url": "https://www.netskope.com/resources/netskope-resources/netskope-security-advisory-nskpsa-2025-007"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-P743-VM74-R5X3
Vulnerability from github – Published: 2024-05-22 18:30 – Updated: 2024-08-01 15:31An issue in the component ATSZIO64.sys of ASUSTeK Computer Inc ASUS ATSZIO Driver v0.2.1.7 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.
{
"affected": [],
"aliases": [
"CVE-2024-33222"
],
"database_specific": {
"cwe_ids": [
"CWE-782"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-22T16:15:09Z",
"severity": "HIGH"
},
"details": "An issue in the component ATSZIO64.sys of ASUSTeK Computer Inc ASUS ATSZIO Driver v0.2.1.7 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.",
"id": "GHSA-p743-vm74-r5x3",
"modified": "2024-08-01T15:31:45Z",
"published": "2024-05-22T18:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33222"
},
{
"type": "WEB",
"url": "https://github.com/DriverHunter/Win-Driver-EXP/tree/main/CVE-2024-33222"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PP2J-9HQV-7X55
Vulnerability from github – Published: 2022-05-24 17:49 – Updated: 2025-10-22 00:32Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
{
"affected": [],
"aliases": [
"CVE-2021-21551"
],
"database_specific": {
"cwe_ids": [
"CWE-782",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-04T16:15:00Z",
"severity": "HIGH"
},
"details": "Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.",
"id": "GHSA-pp2j-9hqv-7x55",
"modified": "2025-10-22T00:32:08Z",
"published": "2022-05-24T17:49:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21551"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21551"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/162604/Dell-DBUtil_2_3.sys-IOCTL-Memory-Read-Write.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/162739/DELL-dbutil_2_3.sys-2.3-Arbitrary-Write-Privilege-Escalation.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q74F-J88C-7G46
Vulnerability from github – Published: 2026-05-08 03:30 – Updated: 2026-05-08 03:30An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms and obtain restricted touchpad information or render the touchpad unusable via crafted IOCTL requests.Refer to the ' Security Update for ASUS Precision Touchpad ' section on the ASUS Security Advisory for more information.
{
"affected": [],
"aliases": [
"CVE-2026-6737"
],
"database_specific": {
"cwe_ids": [
"CWE-782"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-08T03:16:24Z",
"severity": "LOW"
},
"details": "An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms and obtain restricted touchpad information or render the touchpad unusable\u00a0via crafted IOCTL requests.Refer to the \u0027\nSecurity Update for ASUS Precision Touchpad\u00a0\u0027 section on the ASUS Security Advisory for more information.",
"id": "GHSA-q74f-j88c-7g46",
"modified": "2026-05-08T03:30:24Z",
"published": "2026-05-08T03:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6737"
},
{
"type": "WEB",
"url": "https://www.asus.com/security-advisory"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-X42P-Q354-PX3C
Vulnerability from github – Published: 2026-06-01 18:31 – Updated: 2026-06-01 21:30Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IOCTL handlers. A local attacker with the ability to access or load the affected driver can exploit this vulnerability to perform sensitive and privileged operations on the target system.
{
"affected": [],
"aliases": [
"CVE-2026-8501"
],
"database_specific": {
"cwe_ids": [
"CWE-782"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-01T17:17:35Z",
"severity": "HIGH"
},
"details": "Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IOCTL handlers. A local attacker with the ability to access or load the affected driver can exploit this vulnerability to perform sensitive and privileged operations on the target system.",
"id": "GHSA-x42p-q354-px3c",
"modified": "2026-06-01T21:30:41Z",
"published": "2026-06-01T18:31:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8501"
},
{
"type": "WEB",
"url": "https://kb.cert.org/vuls/id/158530"
},
{
"type": "WEB",
"url": "https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/design/microsoft-recommended-driver-block-rules"
},
{
"type": "WEB",
"url": "https://learn.microsoft.com/en-us/windows/win32/secauthz/security-descriptor-definition-language"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/158530"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XCWR-X5FM-7JMR
Vulnerability from github – Published: 2025-08-01 15:34 – Updated: 2025-08-01 15:34Hangzhou Shunwang Rentdrv2 before 2024-12-24 allows local users to terminate EDR processes and possibly have unspecified other impact via DeviceIoControl with control code 0x22E010, as exploited in the wild in October 2023.
{
"affected": [],
"aliases": [
"CVE-2023-44976"
],
"database_specific": {
"cwe_ids": [
"CWE-782"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-01T14:15:34Z",
"severity": "LOW"
},
"details": "Hangzhou Shunwang Rentdrv2 before 2024-12-24 allows local users to terminate EDR processes and possibly have unspecified other impact via DeviceIoControl with control code 0x22E010, as exploited in the wild in October 2023.",
"id": "GHSA-xcwr-x5fm-7jmr",
"modified": "2025-08-01T15:34:18Z",
"published": "2025-08-01T15:34:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44976"
},
{
"type": "WEB",
"url": "https://github.com/keowu/BadRentdrv2"
},
{
"type": "WEB",
"url": "https://unit42.paloaltonetworks.com/agonizing-serpens-targets-israeli-tech-higher-ed-sectors"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-XCXV-MC83-GMW5
Vulnerability from github – Published: 2025-03-17 18:31 – Updated: 2025-03-19 21:30An exposed ioctl in the IMFForceDelete driver of IObit Malware Fighter v12.1.0 allows attackers to arbitrarily delete files and escalate privileges.
{
"affected": [],
"aliases": [
"CVE-2025-26125"
],
"database_specific": {
"cwe_ids": [
"CWE-782"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-17T18:15:21Z",
"severity": "MODERATE"
},
"details": "An exposed ioctl in the IMFForceDelete driver of IObit Malware Fighter v12.1.0 allows attackers to arbitrarily delete files and escalate privileges.",
"id": "GHSA-xcxv-mc83-gmw5",
"modified": "2025-03-19T21:30:49Z",
"published": "2025-03-17T18:31:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26125"
},
{
"type": "WEB",
"url": "https://github.com/ZeroMemoryEx/CVE-2025-26125"
},
{
"type": "WEB",
"url": "https://github.com/ZeroMemoryEx/IObit-EoP"
},
{
"type": "WEB",
"url": "https://x.com/zeromemoryex/status/1876878269200449819"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
In Windows environments, use proper access control for the associated device or device namespace. See References.
No CAPEC attack patterns related to this CWE.