9 matches found
CVE-2025-69784
A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause OpenEDR to load an attacker-controlled DLL into...
CVE-2025-69783
A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming a malicious executable to match a trusted process name, e.g., csrss.exe, edrsvc.exe, edrcon.exe. This allows unauthorized interaction with the OpenEDR kernel driver, granting access to privileged functionality such as...
CVE-2025-69784
A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause OpenEDR to load an attacker-controlled DLL into...
OpenEDR Security Vulnerability
OpenEDR is an open-source endpoint detection and response security platform developed by Comodo Cyber Security. Version 2.5.1.0 of OpenEDR contains a security vulnerability. This vulnerability stems from the ability to bypass the system’s defense mechanisms by renaming malicious executable files,...
OpenEDR Security Vulnerability
OpenEDR is an open-source endpoint detection and response security platform developed by Comodo Cyber Security. Version 2.5.1.0 of OpenEDR contains a security vulnerability. This vulnerability stems from a vulnerable IOCTL interface in the kernel driver, which may allow local non-privileged...
CVE-2025-69783
CVE-2025-69783 concerns OpenEDR’s 2.5.1.0 self-defense mechanism. A local attacker can rename a malicious executable to a trusted process name (for example, csrss.exe, edrsvc.exe, edrcon.exe), enabling unauthorized interaction with the OpenEDR kernel driver. This exposes privileged functionality ...
CVE-2025-69783
A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming a malicious executable to match a trusted process name, e.g., csrss.exe, edrsvc.exe, edrcon.exe. This allows unauthorized interaction with the OpenEDR kernel driver, granting access to privileged functionality such as...
PT-2026-25768
A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause OpenEDR to load an attacker-controlled DLL into...
OpenEDR - Open EDR Public Repository
We at OpenEDR believe in creating a cybersecurity platform with its source code openly available to the public, where products and services can be provisioned and managed together. EDR is our starting point. OpenEDR is a full-blown EDR capability. It is one of the most sophisticated, effective EDR co...