
CrowdStrike Falcon Vulnerability Allows Attackers Delete Arbitrary Files - cyberpress.org

cyberpress.org Archived Mar 16, 2026 ✓ Full text saved



By AnuPriya, October 9, 2025
Categories: Cyber Security News, Cybersecurity, Vulnerability

The vulnerabilities, designated as CVE-2025-42701 and CVE-2025-42706, both require attackers to have previously established code execution capabilities on the target system. CVE-2025-42701 represents a Time-of-check Time-of-use (TOCTOU) race condition vulnerability with a CVSS score of 5.6, whereas CVE-2025-42706 involves a logic error related to origin validation, carrying a higher CVSS score of 6.5.

Both flaws could allow malicious actors to delete arbitrary files on affected Windows systems, potentially causing stability issues with the Falcon sensor or other critical software components, including the operating system itself. The race condition vulnerability stems from a TOCTOU issue classified under CWE-367, while the logic error relates to origin validation problems categorized as CWE-346.

CrowdStrike discovered these vulnerabilities through its established Bug Bounty program as part of comprehensive security assessments. The company emphasizes that only Windows-based Falcon sensors are affected, with Mac, Linux, and Legacy Windows Systems remaining unimpacted by these security flaws.

| CVE ID | Affected Product | Vulnerability Type | CVSS 3.1 Score | Impact | Exploit Prerequisites |
|---|---|---|---|---|---|
| CVE-2025-42701 | CrowdStrike Falcon Sensor for Windows | Race Condition (TOCTOU – CWE-367) | 5.6 (Medium) | Arbitrary file deletion with prior code execution | Previously established code execution capabilities |
| CVE-2025-42706 | CrowdStrike Falcon Sensor for Windows | Logic Error (Origin Validation – CWE-346) | 6.5 (Medium) | Arbitrary file deletion with prior code execution | Previously established code execution capabilities |

Comprehensive Patches Released Across Multiple Versions

CrowdStrike implemented fixes across multiple sensor versions to ensure comprehensive coverage. The patches are available in Falcon sensor version 7.29, as well as hotfix releases for versions 7.24 through 7.28, and a specialized hotfix for 7.16, specifically for Windows 7 and 2008 R2 systems.

Affected versions include 7.28.20006, 7.27.19907, 7.26.19811, 7.25.19706, 7.24.19607 and earlier builds, plus 7.16.18635 and earlier 7.16 builds for Windows 7 and 2008 R2 environments. The corresponding patched versions include 7.28.20008 and later, 7.27.19909, 7.26.19813, 7.25.19707, 7.24.19608, and 7.16.18637 for legacy Windows systems. The version 7.24 hotfix also serves as an update for the current Long-Term Visibility sensor for Windows IoT deployments. CrowdStrike provides a GitHub query to help customers identify potentially impacted hosts within their environments.

CrowdStrike reports no evidence of active exploitation of these vulnerabilities in production environments. The company’s threat hunting and intelligence teams maintain continuous monitoring for potential abuse attempts and have established visibility mechanisms to detect exploitation efforts. This proactive disclosure follows industry best practices for coordinated vulnerability disclosure, ensuring customers receive timely protection guidance.

The company confirms that no performance impact is expected from the security updates, with testing revealing no direct or indirect effects on sensor functionality. CrowdStrike strongly recommends that customers upgrade Windows hosts running affected sensor versions to the latest patched releases to maintain an optimal security posture and prevent potential file deletion attacks.
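The patched builds listed above can be turned into a quick inventory triage. The following is an added example, not CrowdStrike's GitHub query or any code from the article; the host names, the inventory row layout, and the 7.29 and 7.20 build numbers in the sample are constructed. It assumes that a build is fixed once it is at or above the patched build named for its branch, and that a branch below 7.29 with no listed hotfix has to be upgraded.

```python
import re

# First patched build per release branch, taken from the article text.
FIXED_BUILD = {
    (7, 28): 20008, (7, 27): 19909, (7, 26): 19813,
    (7, 25): 19707, (7, 24): 19608, (7, 16): 18637,
}
FIRST_FIXED_RELEASE = (7, 29)  # 7.29 and later ship with the fix

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def classify(platform, version):
    """Return 'not_affected', 'patched', 'vulnerable' or 'unparsed'."""
    # Only Windows sensors are affected according to the article.
    if platform.strip().lower() != "windows":
        return "not_affected"
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unparsed"  # surface bad inventory data instead of guessing
    major, minor, build = map(int, m.groups())
    branch = (major, minor)
    if branch >= FIRST_FIXED_RELEASE:
        return "patched"
    fixed = FIXED_BUILD.get(branch)
    if fixed is None:
        # Assumption: no hotfix is listed for this branch, so it needs an upgrade.
        return "vulnerable"
    return "patched" if build >= fixed else "vulnerable"


def triage(rows):
    """Group host names by status; rows are (host, platform, sensor_version)."""
    result = {}
    for host, platform, version in rows:
        result.setdefault(classify(platform, version), []).append(host)
    return result


# Constructed sample inventory (host names and some builds are made up).
SAMPLE = [
    ("ws-001", "Windows", "7.28.20006"),
    ("ws-002", "Windows", "7.28.20008"),
    ("srv-2008", "Windows", "7.16.18635"),
    ("srv-2008b", "Windows", "7.16.18637"),
    ("ws-003", "Windows", "7.29.20108"),
    ("ws-004", "Windows", "7.20.19000"),
    ("lnx-001", "Linux", "7.27.19907"),
    ("ws-005", "Windows", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts that land in `unparsed` should be checked by hand rather than assumed safe.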