
CVE-2025-61155: n/a

Severity: Medium
Type: Vulnerability
Published: Tue Oct 28 2025 (10/28/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

CVE-2025-61155 is an access control vulnerability in the GameDriverX64.sys kernel-mode anti-cheat driver (version 7.23.4.7 and earlier). A non-administrative local user-mode process can send specially crafted IOCTL requests to the driver, which executes them in kernel mode without proper validation. This flaw allows termination of arbitrary processes, including critical system and security services, potentially causing system instability or denial of service. The vulnerability requires local access with low privileges but no user interaction. It has a medium CVSS score of 5.5, reflecting a significant impact on system availability but no direct confidentiality or integrity compromise.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 03/01/2026, 22:25:28 UTC

Technical Analysis

CVE-2025-61155 is an access control vulnerability identified in the GameDriverX64.sys kernel-mode anti-cheat driver, specifically in versions 7.23.4.7 and earlier. The vulnerability arises because the driver improperly validates IOCTL (Input Output Control) requests received from user-mode processes. A non-administrative user-mode process can craft malicious IOCTL requests that the driver executes in kernel mode without sufficient checks. This lack of validation enables the attacker to terminate arbitrary processes, including critical system and security services, which can lead to system instability or denial of service conditions. The vulnerability requires local access with low privileges but does not require any user interaction, making it easier to exploit once local access is obtained. The CVSS v3.1 vector is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, no confidentiality or integrity impact, but high availability impact. The vulnerability is categorized under CWE-400 (Uncontrolled Resource Consumption), highlighting that improper handling of requests can exhaust or disrupt system resources. As of the published date, no known exploits have been reported in the wild, and no official patches have been linked, suggesting that mitigation relies on access control and monitoring. This vulnerability primarily affects systems running the vulnerable anti-cheat driver, which is likely used in gaming environments or platforms employing GameDriverX64.sys for cheat detection.

Potential Impact

The primary impact of CVE-2025-61155 is on system availability. By allowing a low-privileged local user to terminate arbitrary processes, including critical system and security services, attackers can cause denial of service conditions, potentially crashing the system or disabling security protections. This can disrupt normal operations, cause data loss due to abrupt process termination, and increase the attack surface by disabling security services. Although confidentiality and integrity are not directly affected, the loss of availability can have cascading effects on organizational productivity and security posture. Organizations with multiple users on shared systems or gaming platforms are at higher risk, as any local user could exploit this vulnerability to disrupt other users or system functions. The lack of required user interaction and low privilege requirement lowers the barrier for exploitation once local access is gained. However, the need for local access limits remote exploitation scenarios. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially if attackers develop exploit code. Overall, the vulnerability poses a moderate risk to organizations relying on the affected anti-cheat driver, particularly in environments where local user access is common.

Mitigation Recommendations

To mitigate CVE-2025-61155, organizations should implement strict local access controls to limit which users can interact with systems running the vulnerable GameDriverX64.sys driver. Employing the principle of least privilege to restrict user permissions can reduce the risk of exploitation. Monitoring and logging IOCTL requests to the driver may help detect suspicious or malformed requests indicative of exploitation attempts. Until an official patch is released, consider isolating systems running the vulnerable driver from untrusted users or networks. If possible, disable or replace the vulnerable anti-cheat driver with an updated or alternative solution that properly validates IOCTL requests. Security teams should maintain close communication with the vendor for timely patch releases and apply updates promptly once available. Additionally, implementing host-based intrusion detection systems (HIDS) that can detect abnormal process terminations or kernel-mode driver anomalies can provide early warning of exploitation attempts. Regularly auditing system and security service statuses can help identify disruptions caused by this vulnerability. Finally, educating users about the risks of local privilege misuse and enforcing strong endpoint security policies will further reduce exposure.


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-09-26T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 6900f0e28b5ca1e4f6b448ef

Added to database: 10/28/2025, 4:35:46 PM

Last enriched: 3/1/2026, 10:25:28 PM

Last updated: 3/24/2026, 10:13:55 AM
