CVE-2025-69784

{"id": "CVE-2025-69784", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.0}]}, "published": "2026-03-16T16:16:13.460", "references": [{"url": "https://gist.github.com/ikerl/c3ec81f12ded44c2e0ae2dfdacb562ba", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://github.com/ComodoSecurity/openedr", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/ComodoSecurity/openedr/issues/49", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://scavengersecurity.com/posts/edr-as-rootkit-2/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.openedr.com/", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause OpenEDR to load an attacker-controlled DLL into high-privilege processes. This results in arbitrary code execution with SYSTEM privileges, leading to full compromise of the affected system."}, {"lang": "es", "value": "Un atacante local y no privilegiado puede abusar de una interfaz IOCTL vulnerable expuesta por el controlador del kernel OpenEDR 2.5.1.0 para modificar la ruta de inyecci\u00f3n de DLL utilizada por el producto. Al redirigir esta ruta a una ubicaci\u00f3n escribible por el usuario, un atacante puede hacer que OpenEDR cargue una DLL controlada por el atacante en procesos de alto privilegio. Esto resulta en ejecuci\u00f3n de c\u00f3digo arbitrario con privilegios de SYSTEM, lo que lleva a un compromiso total del sistema afectado."}], "lastModified": "2026-03-20T13:51:52.123", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xcitium:openedr:2.5.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2BE1711-EE54-4E5D-A6CD-40033932443C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}