- Description
- External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 6.7
- Impact score
- 5.9
- Exploitability score
- 0.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
- Hype score
- Not currently trending
Microsoft Defender for EndpointのLinux版に深刻なローカル権限昇格の脆弱性(CVE-2025-26684)が報告され、5月の「Patch Tuesday」で修正された。 本脆弱性はファイルパスの処理における外部制御の不備に起因し、正規ユー
@yousukezan
14 May 2025
1591 Impressions
1 Retweet
9 Likes
0 Bookmarks
0 Replies
0 Quotes
『The grab_java_version() function is where the vulnerability exists.』 CVE-2025-26684 Vulnerability Advisory: Microsoft Defender for Endpoint on Linux Elevation of Privilege https://t.co/acO3Xmh9qm
@autumn_good_35
14 May 2025
132 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔒 Microsoft Defender for Endpoint may be your trusty shield, but watch out for CVE-2025-26684! Even the best armor has its chinks. Stay alert and patch up! #WindowsForum #CyberSecurity #StaySafe https://t.co/GaRmLOIRXJ
@windowsforum
14 May 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I blogged about my discovery of CVE-2025-26684 - Microsoft Defender for Endpoint (MDE) on Linux Elevation of Privilege https://t.co/mjtUQ9YOmW
@0xm1rch
13 May 2025
5819 Impressions
23 Retweets
83 Likes
28 Bookmarks
2 Replies
0 Quotes
CVE-2025-26684 External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. https://t.co/tsVfL2ex85
@CVEnew
13 May 2025
307 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:defender_for_endpoint:*:*:*:*:*:linux:*:*",
"vulnerable": true,
"matchCriteriaId": "7ABA09BC-EFEB-41F3-8C43-C7A7DF971566",
"versionEndExcluding": "101.25032.0008"
}
],
"operator": "OR"
}
]
}
]