CVE-2025-69783 — HIGH (7.8)

Vulnerability Description

A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming a malicious executable to match a trusted process name (e.g., csrss.exe, edrsvc.exe, edrcon.exe). This allows unauthorized interaction with the OpenEDR kernel driver, granting access to privileged functionality such as configuration changes, process monitoring, and IOCTL communication that should be restricted to trusted components. While this issue alone does not directly grant SYSTEM privileges, it breaks OpenEDR's trust model and enables further exploitation leading to full local privilege escalation.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Xcitium	Openedr	2.5.1.0

Related Weaknesses (CWE)

CWE-250

References

https://github.com/ComodoSecurity/openedrProduct
https://github.com/ComodoSecurity/openedr/issues/49Issue TrackingThird Party Advisory
https://scavengersecurity.com/posts/edr-as-rootkit-2/ExploitThird Party Advisory
https://www.openedr.com/Product

FAQ

What is CVE-2025-69783?

CVE-2025-69783 is a vulnerability with a CVSS score of 7.8 (HIGH). A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming a malicious executable to match a trusted process name (e.g., csrss.exe, edrsvc.exe, edrcon.exe). This allows unauthori...

How severe is CVE-2025-69783?

CVE-2025-69783 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-69783?

Check the references section above for vendor advisories and patch information. Affected products include: Xcitium Openedr.