4 matches found
EUVD-2025-208751
A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause OpenEDR to load an attacker-controlled DLL into...
CVE-2025-69783
A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming a malicious executable to match a trusted process name e.g., csrss.exe, edrsvc.exe, edrcon.exe. This allows unauthorized interaction with the OpenEDR kernel driver, granting access to privileged functionality such as...
PT-2026-25767
A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming a malicious executable to match a trusted process name e.g., csrss.exe, edrsvc.exe, edrcon.exe. This allows unauthorized interaction with the OpenEDR kernel driver, granting access to privileged functionality such as...
CVE-2025-69784
CVE-2025-69784 describes a local, non-privileged attacker abusing a vulnerable IOCTL interface in the OpenEDR 2.5.1.0 kernel driver to alter the DLL injection path. By redirecting the path to a user-writable location, the attacker can cause OpenEDR to load an attacker-controlled DLL into high-pri...