CVE-2025-69784 in OpenEDRinformation

Résumé

par MITRE • 16/03/2026

A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause OpenEDR to load an attacker-controlled DLL into high-privilege processes. This results in arbitrary code execution with SYSTEM privileges, leading to full compromise of the affected system.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

MITRE

Réserver

09/01/2026

Divulgation

16/03/2026

Modérer

accepté

Entrée

VDB-351287

CPE

prêt

CWE

CWE-74 (confirmé)

CVSS

8.8 (CISA-ADP)

EPSS

0.00024

KEV

non

Activités

très faible

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-69784
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-69784
CVE Details	https://www.cvedetails.com/cve/CVE-2025-69784/

◂ Précédent Aperçu Suivant ▸

Do you need the next level of professionalism?

Upgrade your account now!