PatchSiren cyber security CVE debrief
CVE-2025-68947 NSecsoft CVE debrief
CVE-2025-68947 is a medium-severity vulnerability in the NSecsoft NSecKrnl Windows driver. A local, authenticated attacker can exploit this vulnerability by issuing crafted IOCTL requests to terminate processes owned by other users, including SYSTEM and Protected Processes. The vulnerability has a CVSS score of 4.7 and was published on January 13, 2026. The CVE record and NVD detail provide additional information on this vulnerability. According to the CISA CSAF source item, the vulnerability affects NSecsoft NSecKrnl versions prior to an unspecified version.
- Vendor: NSecsoft
- Product: NSecKrnl
- CVSS: MEDIUM 4.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-01-13
- Original CVE updated: 2026-01-13
- Advisory published: 2026-01-13
- Advisory updated: 2026-01-13
Who should care
System administrators and security teams responsible for Windows systems and NSecsoft NSecKrnl should be aware of this vulnerability. They should review their systems for potential exposure and consider implementing compensating controls. Security researchers and threat intelligence teams may also be interested in this vulnerability, since attackers may target it.
Technical summary
The NSecsoft NSecKrnl Windows driver is vulnerable to a privilege escalation attack: a local, authenticated attacker can terminate processes owned by other users, including SYSTEM and Protected Processes, by issuing crafted IOCTL requests to the driver. The vulnerability has a CVSS score of 4.7 and is classified as medium severity. The recommended mitigations are enabling the Windows Vulnerable Driver Blocklist and monitoring for driver and service installation activity that references non-default, user-writable paths.
Defensive priority
Treat patching or mitigating this vulnerability as medium priority, as it could be used by attackers to gain elevated privileges on a system. System administrators should review their systems for potential exposure and consider implementing compensating controls.
Recommended defensive actions
- Enable the Windows Vulnerable Driver Blocklist
- Monitor for driver and service installation activity that references non-default, user-writable paths
- Review system configurations for potential exposure
- Implement compensating controls to detect and prevent exploitation
- Consider upgrading to a patched version of NSecsoft NSecKrnl
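The monitoring action above can be prototyped against Service Control Manager "service installed" records (event ID 7045). The following is an added example, not code from the advisory or the vendor; the directory lists, the C: system drive and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumptions for this example: the system drive is C:, and these lists stand in
# for "default" and "user-writable" locations. Tune both for your environment.
DEFAULT_DIRS = ("c:\\windows\\system32\\drivers\\",
                "c:\\windows\\system32\\driverstore\\")
WRITABLE_DIRS = ("c:\\users\\", "c:\\programdata\\", "c:\\temp\\",
                 "c:\\windows\\temp\\")
# ImagePath prefixes seen in service registrations, mapped to plain DOS paths.
PREFIXES = (("\\??\\", ""), ("\\systemroot\\", "c:\\windows\\"),
            ("%systemroot%\\", "c:\\windows\\"),
            ("system32\\", "c:\\windows\\system32\\"))

def normalize(image_path):
    """Lowercase an ImagePath, expand known prefixes and collapse '..' segments."""
    p = image_path.strip().strip('"').replace("/", "\\").lower()
    for old, new in PREFIXES:
        if p.startswith(old):
            p = new + p[len(old):]
    return ntpath.normpath(p)

def classify(event):
    """Return 'ignore', 'default', 'review' or 'alert' for one event record."""
    if event.get("EventID") != 7045:
        return "ignore"
    if "driver" not in event.get("ServiceType", "").lower():
        return "ignore"  # user-mode services are out of scope for this check
    path = normalize(event.get("ImagePath", ""))
    if path.startswith(DEFAULT_DIRS):
        return "default"
    # 'alert': driver loaded from a user-writable path; 'review': other non-default path
    return "alert" if path.startswith(WRITABLE_DIRS) else "review"

# Constructed sample events (service names and paths are made up).
SAMPLE_EVENTS = [
    {"EventID": 7045, "ServiceName": "example1", "ServiceType": "kernel mode driver",
     "ImagePath": r"\??\C:\Users\alice\AppData\Local\Temp\example1.sys"},
    {"EventID": 7045, "ServiceName": "example2", "ServiceType": "kernel mode driver",
     "ImagePath": r"\SystemRoot\System32\drivers\example2.sys"},
    {"EventID": 7045, "ServiceName": "example3", "ServiceType": "kernel mode driver",
     "ImagePath": r"system32\DRIVERS\..\..\Temp\example3.sys"},
    {"EventID": 7045, "ServiceName": "example4", "ServiceType": "user mode service",
     "ImagePath": r"C:\ProgramData\Example\svc.exe"},
    {"EventID": 7045, "ServiceName": "example5", "ServiceType": "kernel mode driver",
     "ImagePath": r"C:\Program Files\Example\example5.sys"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(classify(ev), ev["ServiceName"], ev["ImagePath"])
```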
Evidence notes
The CISA CSAF source item provides detailed information on this vulnerability, including its description, affected products, and remediations. The CVE record and NVD detail provide additional information on this vulnerability. However, the source-specific facts are limited, and additional research may be necessary to fully understand the vulnerability and its potential impact.
Official resources
- CVE-2025-68947 CVE record (CVE.org)
- CVE-2025-68947 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
This article is AI-assisted and based on the supplied source corpus.