CVE-2025-69784 in OpenEDRИнформация

Сводка

по MITRE • 16.03.2026

A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause OpenEDR to load an attacker-controlled DLL into high-privilege processes. This results in arbitrary code execution with SYSTEM privileges, leading to full compromise of the affected system.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Ответственный

MITRE

Резервировать

09.01.2026

Раскрытие

16.03.2026

Модерация

принято

Вход

VDB-351287

CPE

готов

CWE

CWE-74 (Подтверждённый)

CVSS

8.8 (CISA-ADP)

EPSS

0.00024

KEV

Нет

Деятельности

Очень низкий

Источники

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-69784
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-69784
CVE Details	https://www.cvedetails.com/cve/CVE-2025-69784/

◂ Предыдущий Обзор Далее ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!