CVE-2025-61037 — HIGH (7.0)

Vulnerability Description

A local privilege escalation vulnerability exists in SevenCs ORCA G2 2.0.1.35 (EC2007 Kernel v5.22). The flaw is a Time-of-Check Time-of-Use (TOCTOU) race condition in the license management logic. The regService process, which runs with SYSTEM privileges, creates a fixed directory and writes files without verifying whether the path is an NTFS reparse point. By exploiting this race condition, an attacker can replace the target directory with a junction pointing to a user-controlled path. This causes the SYSTEM-level process to drop binaries in a location fully controlled by the attacker, allowing arbitrary code execution with SYSTEM privileges. The vulnerability can be exploited by any standard user with only a single UAC confirmation, making it highly practical and dangerous in real-world environments.

CVSS Score

7.0

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sevencs	Ec2007 Kernel	5.22
Sevencs	Orca G2	2.0.1.35

Related Weaknesses (CWE)

CWE-367

References

https://gist.github.com/jc0818/233462416579661e4e2795f96457a6bfExploitThird Party Advisory

FAQ

What is CVE-2025-61037?

CVE-2025-61037 is a vulnerability with a CVSS score of 7.0 (HIGH). A local privilege escalation vulnerability exists in SevenCs ORCA G2 2.0.1.35 (EC2007 Kernel v5.22). The flaw is a Time-of-Check Time-of-Use (TOCTOU) race condition in the license management logic. Th...

How severe is CVE-2025-61037?

CVE-2025-61037 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-61037?

Check the references section above for vendor advisories and patch information. Affected products include: Sevencs Ec2007 Kernel, Sevencs Orca G2.