CVE-2025-26684
13.05.2025, 17:15
External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.Enginsight
| Vendor | Product | Version |
|---|---|---|
| microsoft | defender_for_endpoint | 𝑥 < 101.25032.0008 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-73 - External Control of File Name or PathThe software allows user input to control or influence paths or file names that are used in filesystem operations.
- CWE-610 - Externally Controlled Reference to a Resource in Another SphereThe product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.