CVE-2025-42701
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-08

Last updated on: 2025-10-08

Assigner: CrowdStrike Holdings, Inc.

Description
A race condition exists in the Falcon sensor for Windows that could allow an attacker, with the prior ability to execute code on a host, to delete arbitrary files. CrowdStrike released a security fix for this issue in Falcon sensor for Windows versions 7.24 and above and all Long Term Visibility (LTV) sensors. There is no indication of exploitation of these issues in the wild. Our threat hunting and intelligence team are actively monitoring for exploitation and we maintain visibility into any such attempts. The Falcon sensor for Mac, the Falcon sensor for Linux and the Falcon sensor for Legacy Systems are not impacted by this. CrowdStrike was made aware of this issue through our HackerOne bug bounty program. It was discovered by Cong Cheng and responsibly disclosed.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-08
Last Modified
2025-10-08
Generated
2026-05-07
AI Q&A
2025-10-08
EPSS Evaluated
2026-05-05
NVD
CVE-2025-42701
EUVD
EUVD-2025-33293
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
crowdstrike falcon_sensor_for_windows 7.28
crowdstrike falcon_sensor_for_windows 7.24
crowdstrike falcon_sensor_for_windows 7.16
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-367 The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a race condition in the CrowdStrike Falcon sensor for Windows that allows an attacker who already has the ability to execute code on the host to delete arbitrary files. It is caused by a logic error and affects specific versions of the Falcon sensor for Windows. The flaw could disrupt the sensor's operation or other software on the system. It does not affect Falcon sensors for Mac, Linux, or Legacy Windows systems. [1]


How can this vulnerability impact me? :

If exploited, this vulnerability could allow an attacker with prior code execution access to delete arbitrary files on the affected system. This could lead to stability or functionality issues with the Falcon sensor itself or other software, including the operating system, potentially causing system disruption or failure. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection involves identifying if vulnerable versions of the Falcon sensor for Windows are installed on hosts. CrowdStrike recommends upgrading to fixed sensor versions and provides additional resources and queries for impacted hosts via their GitHub and customer support channels. Specific commands are not provided in the available resources. [1]


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade the Falcon sensor for Windows to the fixed versions starting from 7.24.19608 and above (including all Long Term Visibility sensors). This update addresses the race condition vulnerability and prevents exploitation. Monitoring for any suspicious activity is also advised. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart