Description

A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming a malicious executable to match a trusted process name (e.g., csrss.exe, edrsvc.exe, edrcon.exe). This allows unauthorized interaction with the OpenEDR kernel driver, granting access to privileged functionality such as configuration changes, process monitoring, and IOCTL communication that should be restricted to trusted components. While this issue alone does not directly grant SYSTEM privileges, it breaks OpenEDR's trust model and enables further exploitation leading to full local privilege escalation.

INFO

Published Date :

2026-03-16T00:00:00.000Z

Last Modified :

2026-03-17T13:54:12.332Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-69783 vulnerability.

Vendors Products
Comodosecurity
  • Openedr
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-69783.

URL Resource
https://github.com/ComodoSecurity/openedr cve-icon cve-icon
https://github.com/ComodoSecurity/openedr/issues/49 cve-icon cve-icon
https://scavengersecurity.com/posts/edr-as-rootkit-2/ cve-icon cve-icon
https://www.openedr.com/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System