
CVE-2025-61155: n/a

Severity: Medium
Published: Tue Oct 28 2025 (10/28/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

The GameDriverX64.sys kernel-mode anti-cheat driver (v7.23.4.7 and earlier) contains an access control vulnerability in one of its IOCTL handlers. A user-mode process can open a handle to the driver device and send specially crafted IOCTL requests. These requests are executed in kernel-mode context without proper authentication or access validation, allowing the attacker to terminate arbitrary processes, including critical system and security services, without requiring administrative privileges.

AI-Powered Analysis

AI analysis last updated: 12/11/2025, 21:45:34 UTC

Technical Analysis

CVE-2025-61155 is a medium severity access control vulnerability in the GameDriverX64.sys kernel-mode anti-cheat driver, version 7.23.4.7 and earlier. The driver is designed to prevent cheating in games by operating at the kernel level, which inherently requires high privileges. The vulnerability arises because one of its IOCTL (I/O control) handlers does not enforce access validation or authentication on the caller. Consequently, any user-mode process, even one without administrative privileges, can open a handle to the device object exposed by the driver and send specially crafted IOCTL requests. The handler services these requests in kernel mode, allowing the attacker to terminate arbitrary processes, including critical system processes and security services, and thereby degrade system availability. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates that the attack requires local access, low complexity and low privileges, needs no user interaction, and impacts availability only. The vulnerability is categorized under CWE-400 (Uncontrolled Resource Consumption), reflecting that exploitation leads to denial of service by terminating essential processes. No patches or public exploits are currently reported, but the risk remains significant because critical services can be disrupted without elevated privileges. The vulnerability affects Windows systems running the vulnerable anti-cheat driver, which is commonly bundled with certain gaming applications or platforms.

Potential Impact

For European organizations, the primary impact of CVE-2025-61155 is the potential disruption of critical system and security services due to unauthorized termination of processes by non-privileged users. This could lead to denial of service conditions, reduced system reliability, and exposure to further attacks if security services are disabled. Organizations with employees or users running affected gaming software on corporate or personal machines connected to the network might experience indirect impacts such as increased helpdesk workload, potential lateral movement by attackers exploiting this vulnerability, or interruptions in business continuity. While confidentiality and integrity are not directly impacted, availability degradation can affect operational efficiency and security posture. Additionally, gaming companies or esports organizations in Europe could face reputational damage or operational challenges if their anti-cheat mechanisms are compromised. The lack of required administrative privileges lowers the barrier for exploitation, increasing the risk in environments where users have local access but limited privileges.

Mitigation Recommendations

To mitigate CVE-2025-61155, organizations should first identify systems running the vulnerable GameDriverX64.sys driver, version 7.23.4.7 or earlier. Since no official patch is currently available, immediate mitigation consists of restricting access to the driver's device object through OS-level access control, for example by changing the device permissions so that non-administrative users cannot open handles to it. Employ application whitelisting and endpoint protection to monitor and block unauthorized IOCTL requests and suspicious local processes that interact with the driver. Enforce network segmentation and least privilege to limit local user access to critical systems. Monitor system logs for abnormal process terminations and unusual IOCTL activity. Coordinate with the vendor so that a patch can be deployed promptly once it is available. Finally, educating users about the risks of running untrusted software and keeping endpoint security up to date reduce the likelihood of exploitation.
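As an added example (not code from the advisory, the driver's vendor, or this site), the PowerShell script below covers the first and the monitoring steps above on a single Windows host: it inventories the registered kernel-driver services for one that loads GameDriverX64.sys, reads the file version from the driver's VERSIONINFO resource and flags it when it is 7.23.4.7 or earlier, and then lists Service Control Manager events 7031 and 7034, which Windows records when a service process exits without stopping cleanly, the trace that an unexpected termination of a security service leaves behind. The advisory does not name the driver's service name, so matching is done on the file name, and the 24-hour lookback window is an assumption.

```powershell
# Added example, not part of the advisory. Inventory GameDriverX64.sys on this
# host and look for unexpected service terminations in the System log.

$DriverFile          = 'GameDriverX64.sys'      # file name from the advisory
$LastAffectedVersion = [version]'7.23.4.7'      # "v7.23.4.7 and earlier" per the advisory

function Resolve-DriverPath {
    param([string]$PathName)
    # Service image paths come in several forms; normalize them to a Win32 path.
    $p = $PathName -replace '^\\\?\?\\', ''                           # \??\C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"            # \SystemRoot\System32\...
    if ($p -match '^System32\\') { $p = "$env:SystemRoot\$p" }        # System32\drivers\...
    return $p
}

function Get-DriverInventory {
    param([string]$FileName)
    # Win32_SystemDriver lists kernel drivers registered as services, running or not.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -and ([IO.Path]::GetFileName($_.PathName) -ieq $FileName) } |
        ForEach-Object {
            $path    = Resolve-DriverPath $_.PathName
            $version = $null
            if (Test-Path -LiteralPath $path) {
                # Build a comparable [version] from the file's VERSIONINFO fields.
                $vi = (Get-Item -LiteralPath $path).VersionInfo
                $version = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                          $vi.FileBuildPart, $vi.FilePrivatePart)
            }
            [pscustomobject]@{
                Service    = $_.Name
                Path       = $path
                State      = $_.State
                StartMode  = $_.StartMode
                Version    = $version
                # Affected range is "7.23.4.7 and earlier", hence -le.
                Vulnerable = ($null -ne $version) -and ($version -le $LastAffectedVersion)
            }
        }
}

function Get-UnexpectedServiceTerminations {
    param([int]$Hours = 24)   # lookback window is an assumption
    # SCM logs 7034 (service terminated unexpectedly) and 7031 (same, with a
    # recovery action scheduled). Property 0 of both events is the service name.
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7031, 7034
        StartTime    = (Get-Date).AddHours(-$Hours)
    }
    # Get-WinEvent raises an error when nothing matches; treat that as "no findings".
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id,
                      @{ Name = 'Service'; Expression = { $_.Properties[0].Value } },
                      Message
}

$inventory = @(Get-DriverInventory -FileName $DriverFile)
if ($inventory.Count -eq 0) {
    "No registered driver service loads $DriverFile on $env:COMPUTERNAME."
} else {
    $inventory | Format-Table -AutoSize
}

"Unexpected service terminations in the last 24 hours:"
Get-UnexpectedServiceTerminations -Hours 24 | Format-Table -AutoSize
```

Run it in an elevated session so that the System log and driver files are readable. A `Vulnerable = True` row means the host needs the device-permission restriction and monitoring described above until a fixed driver is available; a burst of 7031/7034 events naming endpoint-protection services on a host that also carries the driver is the pattern worth escalating.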


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-09-26T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 6900f0e28b5ca1e4f6b448ef

Added to database: 10/28/2025, 4:35:46 PM

Last enriched: 12/11/2025, 9:45:34 PM

Last updated: 12/15/2025, 4:42:48 AM
