CVE-2025-42706
BaseFortify
Publication date: 2025-10-08
Last updated on: 2025-10-08
Assigner: CrowdStrike Holdings, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| crowdstrike | falcon_sensor | 7.24 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-346 | The product does not properly verify that the source of data or communication is valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a logic error in the Falcon sensor for Windows that allows an attacker who already has the ability to execute code on the host to delete arbitrary files. It affects Falcon sensor for Windows versions prior to 7.24 and all Long Term Visibility (LTV) sensors. Other Falcon sensors for Mac, Linux, and Legacy Systems are not affected.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker with limited privileges to delete arbitrary files on the affected Windows host, potentially causing denial of service or loss of important data. However, there is no indication that this vulnerability has been exploited in the wild so far.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the Falcon sensor for Windows to version 7.24 or above, or apply the security fix provided by CrowdStrike. Ensure that all Long Term Visibility (LTV) sensors are also updated. Additionally, monitor for any unusual file deletion activities on hosts where the Falcon sensor is installed.