๐Ÿ” CVE Alert

CVE-2025-69783

CVSS Score 7.8 (HIGH)
EPSS Score 0.0%
EPSS Percentile 0th

A local attacker can bypass the self-defense mechanism of OpenEDR 2.5.1.0 by renaming a malicious executable to match a trusted process name (e.g., csrss.exe, edrsvc.exe, edrcon.exe). This allows unauthorized interaction with the OpenEDR kernel driver, granting access to privileged functionality such as configuration changes, process monitoring, and IOCTL communication that should be restricted to trusted components. While this issue alone does not directly grant SYSTEM privileges, it breaks OpenEDR's trust model and enables further exploitation leading to full local privilege escalation.

Vendor n/a
Product n/a
Published Mar 16, 2026
Last Updated Mar 17, 2026
Affected Versions

n/a / n/a
n/a

References

scavengersecurity.com: https://scavengersecurity.com/posts/edr-as-rootkit-2/
github.com: https://github.com/ComodoSecurity/openedr
openedr.com: https://www.openedr.com/
github.com: https://github.com/ComodoSecurity/openedr/issues/49