CrowdStrike has disclosed and released patches for two medium-severity vulnerabilities in its Falcon sensor for Windows that could allow an attacker to delete arbitrary files.
The security vulnerabilities, designated CVE-2025-42701 and CVE-2025-42706, require an attacker to have already gained the ability to execute code on a target system.
The company has stated that there is no evidence of these vulnerabilities being exploited in the wild and that fixes are available for all affected customers.
CrowdStrike Falcon Windows Sensor Vulnerability
The two vulnerabilities originate from different types of weaknesses within the Falcon sensor software.
The first, CVE-2025-42701, is a Time-of-check Time-of-use (TOCTOU) race condition, categorized under CWE-367. This flaw has been assigned a CVSS 3.1 score of 5.6 (Medium).
The second, CVE-2025-42706, is a logic error related to origin validation (CWE-346) and has a slightly higher CVSS 3.1 score of 6.5 (Medium).
Both vulnerabilities provide a pathway for a threat actor who has already compromised a system to escalate their impact. By exploiting these issues, an attacker could delete arbitrary files on the host system.
This could lead to significant stability or functionality problems with the operating system, other installed software, or even the CrowdStrike Falcon sensor itself, potentially disrupting security monitoring.
It is important to note that these are not remote code execution vulnerabilities and cannot be used for initial access.
The vulnerabilities impact the CrowdStrike Falcon sensor for Windows versions 7.28 and earlier. Specifically, this includes builds up to 7.28.20006, 7.27.19907, 7.26.19811, 7.25.19706, and 7.24.19607.
For customers running older Windows 7 or Windows Server 2008 R2 systems, sensor versions 7.16.18635 and earlier are also affected. These issues do not impact the Falcon sensors for macOS and Linux.
CrowdStrike has released fixes across multiple sensor versions to address the problems. The issues are resolved in the latest Falcon sensor for Windows, version 7.29.
Additionally, hotfixes have been issued for versions 7.28 (7.28.20008), 7.27 (7.27.19909), 7.26 (7.26.19813), 7.25 (7.25.19707), and 7.24 (7.24.19608).
A specific hotfix, 7.16.18637, is available for the affected Windows 7 and 2008 R2 systems. Customers are strongly advised to upgrade all Windows hosts running impacted sensor versions to a patched release.
| Affected Version | Patched Version |
|---|---|
| 7.28.20006 | 7.28.20008 and later |
| 7.27.19907 | 7.27.19909 |
| 7.26.19811 & 7.26.19809 | 7.26.19813 |
| 7.25.19706 | 7.25.19707 |
| 7.24.19607 and earlier | 7.24.19608 |
| 7.16.18635 and earlier (WIN7/2008 R2 only) | 7.16.18637 (WIN7/2008 R2 only) |
The security issues were identified internally by CrowdStrike as part of its comprehensive security posture management and through its longstanding bug bounty program, which encourages security researchers to find and report vulnerabilities.
In its advisory, the company confirmed that its threat hunting and intelligence teams are actively monitoring for any attempts to exploit these vulnerabilities.
To date, no such activity has been detected. The concurrent release of the vulnerability details and the corresponding patches ensures that defenders have the necessary tools to remediate the issue before it can be widely abused by threat actors.
CrowdStrike has also provided customers with a query they can use to identify impacted hosts within their environment, facilitating a more rapid and targeted remediation process.
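For teams triaging an exported host inventory offline, the affected and patched builds listed above can be encoded as a version check. This is an added example, not CrowdStrike's query or code; the inventory layout, OS name strings, function names and the handling of builds that fall between a listed affected build and its hotfix are assumptions.

```python
import re

# Minimum patched build per 7.x branch, from the affected/patched list above.
PATCHED_BUILD = {(7, 28): 20008, (7, 27): 19909, (7, 26): 19813,
                 (7, 25): 19707, (7, 24): 19608}
LEGACY_BRANCH, LEGACY_PATCHED_BUILD = (7, 16), 18637  # Windows 7 / 2008 R2 only
FIRST_FIXED_BRANCH = (7, 29)

def parse_version(text):
    """Return (major, minor, build); extra trailing fields are ignored (assumption)."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)*\s*", text)
    if not m:
        raise ValueError(f"unrecognised sensor version: {text!r}")
    return tuple(int(g) for g in m.groups())

def is_affected(version, legacy_os=False):
    """True if a Windows sensor build predates the fix for its branch."""
    # Builds between a listed affected build and its hotfix are not named in
    # the article; they are conservatively treated as affected (assumption).
    major, minor, build = parse_version(version)
    branch = (major, minor)
    if branch >= FIRST_FIXED_BRANCH:
        return False
    if legacy_os and branch == LEGACY_BRANCH:
        return build < LEGACY_PATCHED_BUILD
    if branch in PATCHED_BUILD:
        return build < PATCHED_BUILD[branch]
    return True  # older branch with no listed hotfix ("7.24.19607 and earlier")

def triage(inventory):
    """Return hostnames of Windows hosts that still need a patched sensor."""
    legacy = ("windows 7", "windows server 2008 r2")
    return [host for host, os_name, version in inventory
            if os_name.lower().startswith("windows")
            and is_affected(version, os_name.lower() in legacy)]

# Constructed sample inventory (hostname, OS, sensor version); not real data.
SAMPLE = [
    ("ws-01", "Windows 11", "7.28.20006"),
    ("ws-02", "Windows 11", "7.28.20008"),
    ("srv-03", "Windows Server 2008 R2", "7.16.18637"),
    ("srv-04", "Windows Server 2008 R2", "7.16.18635"),
    ("ws-05", "Windows 10", "7.29.20108.0"),   # constructed 7.29 build number
    ("mac-06", "macOS", "7.24.19607"),         # macOS sensors are not impacted
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A 7.16 build on a non-legacy Windows host is reported as affected here, because the article lists the 7.16 hotfix for Windows 7 and 2008 R2 only.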