Vulnerabilities > CVE-2025-0223 - NULL Pointer Dereference vulnerability in I0Bit Protected Folder

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

i0bit

CWE-476

NVD

Published: 2025-01-05

Updated: 2025-01-23

Summary

A vulnerability was found in IObit Protected Folder up to 13.6.0.5. It has been classified as problematic. Affected is the function 0x8001E000/0x8001E00C/0x8001E004/0x8001E010 in the library IURegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerable Configurations

Part	Description	Count
Application	I0Bit I0Bit Protected Folder 13.6.0.1 I0Bit Protected Folder 13.6.0.2 I0Bit Protected Folder 13.6.0.3 I0Bit Protected Folder 13.6.0.4 I0Bit Protected Folder 13.6.0.5	5

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References