CVE-2025-69784

A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause OpenEDR to load an attacker-controlled DLL into...

CVE-2025-69783

A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming a malicious executable to match a trusted process name e.g., csrss.exe, edrsvc.exe, edrcon.exe. This allows unauthorized interaction with the OpenEDR kernel driver, granting access to privileged functionality such as...

OpenEDR 安全漏洞

OpenEDR is an open-source terminal detection and response security platform developed by Comodo Cyber Security. Version 2.5.1.0 of OpenEDR contains a security vulnerability. This vulnerability stems from the ability to bypass the system’s defense mechanisms by renaming malicious executable files,...

CVE-2025-69783

A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming a malicious executable to match a trusted process name e.g., csrss.exe, edrsvc.exe, edrcon.exe. This allows unauthorized interaction with the OpenEDR kernel driver, granting access to privileged functionality such as...

PT-2026-25768

A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause OpenEDR to load an attacker-controlled DLL into...

CVE-2025-69784

A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause OpenEDR to load an attacker-controlled DLL into...

CVE-2025-69783

OpenEDR 2.5.1.0 self-defense can be bypassed by renaming a malicious executable to a trusted process name (e.g., csrss.exe, edrsvc.exe, edrcon.exe), enabling interaction with the OpenEDR kernel driver and granting access to privileged configuration, process monitoring, and IOCTL functionality. Th...

OpenEDR 安全漏洞

OpenEDR is an open-source terminal detection and response security platform developed by Comodo Cyber Security. Version 2.5.1.0 of OpenEDR contains a security vulnerability. This vulnerability stems from an vulnerable IOCTL interface in the kernel driver, which may allow local non-privileged...

OpenEDR - Open EDR Public Repository

We at OpenEDR believe in creating a cybersecurity platform with its source code openly available to public, where products and services can be provisioned and managed together. EDR is our starting point. OpenEDR is a full blown EDR capability. It is one of the most sophisticated, effective EDR co...