CVE-2025-0222

CVSS v4.0

6.8

Medium

Vector

AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions IObit Protected Folder versions up to 13.6.0.5

Description A problem has been found in the function 0x8001E000/0x8001E004 in the library IUProcessFilter.sys of the component IOCTL Handler, which leads to null pointer dereference. The manipulation must be done locally. The issue has been disclosed to the public. The vendor was contacted about this disclosure but did not respond.

Recommendations For IObit Protected Folder versions up to 13.6.0.5, as a temporary workaround, consider disabling the function 0x8001E000/0x8001E004 in the library IUProcessFilter.sys until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Resource Release

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404CWE-476

Related Identifiers

BDU:2025-02207

CVE-2025-0222

Affected Products

Iobit Protected Folder

CVE-2025-0222

Weakness Enumeration

Related Identifiers

Affected Products

References · 11