
CVE-2025-29547: n/a in n/a

Severity: High
Tags: vulnerability, cve-2025-29547, n-a, cwe-476
Published: Tue Apr 22 2025 (04/22/2025, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

In Rollback Rx Professional 12.8.0.0, the driver file shieldm.sys allows local users to cause a denial of service because of a null pointer dereference from IOCtl 0x96202000.

AI-Powered Analysis

Last updated: 06/21/2025, 16:21:21 UTC

Technical Analysis

CVE-2025-29547 is a high-severity vulnerability in Rollback Rx Professional version 12.8.0.0. The flaw resides in the driver file shieldm.sys, a kernel-mode component of the product. Specifically, a crafted IOCTL (I/O control) request with the code 0x96202000 triggers a null pointer dereference in the driver. The weakness is classified as CWE-476 (NULL Pointer Dereference), which typically leads to system instability or crashes. A local attacker, that is, someone who already has access to the affected system, can therefore cause a denial of service (DoS) by crashing the driver, which in turn brings down the system with a crash or blue screen of death (BSOD). The CVSS 3.1 base score is 7.0, a high severity rating. The vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H encodes a network attack vector (AV:N), high attack complexity (AC:H), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), low confidentiality and integrity impact (C:L/I:L) and high availability impact (A:H). The description, however, states that local users trigger the flaw, so the AV:N component of the published vector is at odds with the description. The vulnerability requires neither user interaction nor privileges, but the high attack complexity implies that exploitation is non-trivial. No patches or known exploits in the wild were reported as of the publication date (April 22, 2025). The vulnerability affects the availability of systems running Rollback Rx Professional 12.8.0.0 by causing system crashes, which could disrupt operations, especially in environments that rely on this software for system rollback and recovery.

Potential Impact

For European organizations, the primary impact of CVE-2025-29547 is the potential for denial of service on systems running Rollback Rx Professional 12.8.0.0. Rollback Rx is often used in enterprise environments, educational institutions, and managed service providers to maintain system integrity and enable quick recovery from system faults or malware infections. A successful exploitation could lead to system crashes, causing downtime and potentially interrupting critical business processes. This is particularly impactful in sectors where system availability is crucial, such as finance, healthcare, and manufacturing. Additionally, repeated crashes could lead to data loss or corruption if rollback snapshots are affected. Since the vulnerability requires local access, the threat is more significant in environments where multiple users have access to the same systems or where endpoint security is weak. The high attack complexity reduces the likelihood of widespread exploitation but does not eliminate risk in targeted attacks or insider threat scenarios. The lack of known exploits in the wild suggests limited current threat activity, but organizations should remain vigilant given the high availability impact.

Mitigation Recommendations

1. Restrict local access: Limit user permissions and access to systems running Rollback Rx Professional to trusted personnel only.
2. Monitor and audit local user activities to detect any suspicious attempts to invoke IOCTL calls or unusual system behavior.
3. Implement application whitelisting and endpoint protection solutions that can detect and block anomalous driver interactions or attempts to exploit kernel drivers.
4. Use system hardening techniques to reduce the attack surface, such as disabling unnecessary services and drivers.
5. Maintain regular backups independent of Rollback Rx snapshots to ensure recovery options in case of system crashes.
6. Engage with the software vendor or community to obtain patches or updates as soon as they become available, and apply them promptly.
7. Employ virtualization or sandboxing for testing Rollback Rx updates before deployment to production environments.
8. Educate users about the risks of local exploitation and enforce strict physical and logical access controls to prevent unauthorized local access.
9. Consider deploying host-based intrusion detection systems (HIDS) that can alert on kernel driver crashes or abnormal IOCTL requests.

These measures go beyond generic advice by focusing on local access control, monitoring specific driver interactions, and maintaining robust backup strategies.
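The recommendations above ask administrators to know where the affected product is installed and to watch for kernel driver crashes. The following PowerShell script is an added example, not part of this advisory and not a tool of the vendor: it inventories Rollback Rx installs and the shieldm.sys driver on a Windows host and lists recent bug-check evidence from the System event log. It assumes (the page does not say so) that the driver's service name or image path contains "shieldm" and that the product registers an uninstall entry whose DisplayName contains "Rollback Rx"; the version 12.8.0.0 and the file name shieldm.sys come from the advisory.

```powershell
# Added example (not from the advisory or the vendor): defender-side inventory and
# crash-evidence check for CVE-2025-29547. Run from an elevated PowerShell session.
# Assumptions (not stated on the page): the driver's service name or image path contains
# "shieldm"; the product has an uninstall entry whose DisplayName contains "Rollback Rx".

$DriverPattern   = 'shieldm'     # from the advisory: shieldm.sys
$AffectedVersion = '12.8.0.0'    # Rollback Rx Professional version named in the CVE
$LookbackDays    = 30            # how far back to search for crash evidence

function Get-RollbackRxInstall {
    # Installed-product view: uninstall registry entries (64-bit and 32-bit hives)
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Rollback Rx*' } |
        ForEach-Object {
            [pscustomobject]@{
                Product  = $_.DisplayName
                Version  = $_.DisplayVersion
                Affected = ($_.DisplayVersion -eq $AffectedVersion)
            }
        }
}

function Get-ShieldDriver {
    # Kernel-driver view: registered drivers whose name or image path matches the pattern
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.Name -like "*$DriverPattern*" -or $_.PathName -like "*$DriverPattern*" } |
        ForEach-Object {
            # PathName may be written as \??\C:\... or \SystemRoot\...; normalise both forms
            $path = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
            $ver  = if (Test-Path -LiteralPath $path) { (Get-Item -LiteralPath $path).VersionInfo.FileVersion }
            [pscustomobject]@{
                Service     = $_.Name
                State       = $_.State
                StartMode   = $_.StartMode
                Path        = $path
                FileVersion = $ver
            }
        }
}

function Get-RecentBugChecks {
    # Crash evidence: event 1001 (source BugCheck) records the stop code and dump path
    # written after a kernel crash; Kernel-Power 41 records reboots that were not clean.
    $since   = (Get-Date).AddDays(-$LookbackDays)
    $filters = @(
        @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting'; Id = 1001; StartTime = $since },
        @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Kernel-Power'; Id = 41; StartTime = $since }
    )
    foreach ($f in $filters) {
        # Get-WinEvent reports "no events found" as an error; suppress it so an empty
        # result simply yields nothing
        Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Time     = $_.TimeCreated
                    Provider = $_.ProviderName
                    Id       = $_.Id
                    Summary  = ($_.Message -split "`r?`n")[0]
                }
            }
    }
}

Write-Output '== Installed product =='
Get-RollbackRxInstall | Format-Table -AutoSize
Write-Output '== Driver registration =='
Get-ShieldDriver | Format-Table -AutoSize
Write-Output "== Bug checks / unclean reboots in the last $LookbackDays days =="
Get-RecentBugChecks | Sort-Object Time | Format-Table -AutoSize
```

Two caveats for reading the output. The Affected flag compares the product's uninstall DisplayVersion with 12.8.0.0, because the driver file's FileVersion need not match the product version; report both rather than trusting one. Event 1001 shows that a bug check happened and where the dump was saved, but not which driver faulted; attributing a crash to shieldm.sys requires analysing that dump (for example with WinDbg's `!analyze -v`), so treat a bug check on a host that also has the driver loaded as a lead, not a confirmation.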


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-03-11T00:00:00.000Z
Cisa Enriched: true

Threat ID: 682d9848c4522896dcbf5fb8

Added to database: 5/21/2025, 9:09:28 AM

Last enriched: 6/21/2025, 4:21:21 PM

Last updated: 7/31/2025, 6:59:30 AM
