Cyber Web Spider Blog – News

Elastic Defend for Windows Vulnerability Let Attackers Escalate Privileges


Posted on November 10, 2025 by CWS

Elastic has disclosed a significant security vulnerability in Elastic Defend for Windows that could allow attackers to escalate their privileges on affected systems.

Tracked as CVE-2025-37735 and designated as ESA-2025-23, the flaw stems from improper preservation of permissions in the Defend service, which runs with SYSTEM-level privileges.

The vulnerability exists in how Elastic Defend handles file permissions on Windows hosts.

Elastic Defend for Windows Vulnerability

Because the Defend service runs with SYSTEM privileges, the highest permission level in Windows, an attacker with local access could exploit this flaw to delete arbitrary files on the system.

In specific scenarios, this capability could be weaponized to achieve local privilege escalation, granting unauthorized users administrative access to the compromised machine.

This type of vulnerability is dangerous because it bridges the gap between lower-privilege user accounts and full system control, making it an attractive target for threat actors seeking to deepen their foothold on compromised networks.

The vulnerability affects multiple versions of Elastic Defend: versions up to and including 8.19.5, and versions 9.0.0 through 9.1.5.

The vulnerability carries a CVSS v3.1 score of 7.0, classified as High severity.

| Attributes | Details |
|---|---|
| CVE ID | CVE-2025-37735 |
| Vulnerability Type | Improper Preservation of Permissions |
| Affected Product | Elastic Defend for Windows |
| Affected Versions | 8.19.5 and earlier; 9.0.0 through 9.1.5 |
| Fixed Versions | 8.19.6, 9.1.6, 9.2.0 |
| CVSS v3.1 Score | 7.0 (High) |

The attack vector requires local access and higher privileges than a typical user account, but notably does not require user interaction.

Organizations running these versions should treat this disclosure as urgent and prioritize remediation immediately.

Elastic recommends that users upgrade to patched versions as the primary mitigation strategy.

The fixed versions are 8.19.6, 9.1.6, and 9.2.0. These updates directly address the permission preservation issue and eliminate the exploitation pathway.

For organizations unable to upgrade immediately, Windows 11 24H2 includes architectural changes that make exploitation significantly more difficult.

Administrators without the ability to patch Elastic Defend quickly should consider upgrading to Windows 11 24H2 or later as an interim protective measure.

Organizations should prioritize upgrading Elastic Defend installations to eliminate this vulnerability.

Those running older Windows versions without immediate upgrade paths should implement this as a secondary mitigation while planning their upgrade schedule.
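To turn the version ranges and mitigations above into a fleet check, the following added example (not Elastic's code and not part of the original article) triages an exported inventory of Defend versions and Windows builds. The inventory format, host names and function names are hypothetical, and it assumes Windows 11 24H2 reports OS build 26100.

```python
import re

# Version boundaries as stated in the article for CVE-2025-37735.
FIXED_8X = (8, 19, 6)                      # 8.19.5 and earlier are affected
AFFECTED_9X = ((9, 0, 0), (9, 1, 5))       # 9.0.0 through 9.1.5 are affected
# Assumption (not from the article): Windows 11 24H2 reports OS build 26100.
WIN11_24H2_BUILD = 26100


def parse_version(text):
    """Return (major, minor, patch) or None; suffixes like -SNAPSHOT are ignored."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def triage(defend_version, os_build=None):
    """Classify one host and return (status, recommended_action)."""
    v = parse_version(defend_version)
    if v is None:
        return ("unknown", "verify version manually")
    if v < FIXED_8X:
        target = "8.19.6"
    elif AFFECTED_9X[0] <= v <= AFFECTED_9X[1]:
        target = "9.1.6 or 9.2.0"
    else:
        return ("not affected", "none")
    # The OS-level mitigation only raises the bar; the upgrade is still required.
    if os_build is not None and os_build >= WIN11_24H2_BUILD:
        return ("affected, harder to exploit", f"upgrade Defend to {target}")
    return ("affected", f"upgrade Defend to {target}")


# Constructed sample inventory: (host, Defend version, Windows OS build).
INVENTORY = [
    ("ws-001", "8.19.5", 19045),
    ("ws-002", "8.19.6", 19045),
    ("ws-003", "9.1.2", 26100),
    ("ws-004", "9.2.0", 22631),
    ("ws-005", "n/a", None),
]


def report(inventory):
    """Map each host name to its triage result."""
    return {host: triage(ver, build) for host, ver, build in inventory}


if __name__ == "__main__":
    for host, (status, action) in report(INVENTORY).items():
        print(f"{host}: {status} -> {action}")
```

Hosts reported as "unknown" should be checked by hand rather than assumed safe, since an unparseable version string says nothing about exposure.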
