Threat Advisory

Medium Severity Vulnerabilities in CrowdStrike Falcon Sensor for Windows

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Medium

EXECUTIVE SUMMARY:

Two medium-severity vulnerabilities have been identified in CrowdStrike Falcon Sensor for Windows, tracked as CVE-2025-42701 and CVE-2025-42706. These flaws affect multiple Falcon Sensor versions and could allow local attackers to delete arbitrary system or sensor files, potentially disrupting endpoint protection or system stability.

  • CVE-2025-42701: This vulnerability carries a CVSS v3.1 score of 5.6 (Medium) and stems from a time-of-check to time-of-use (TOCTOU) race condition within the Falcon Sensor component. A local attacker with limited privileges could exploit the timing gap between resource validation and use to delete arbitrary files, including those critical to the Falcon service, thereby impairing security monitoring or host performance.
  • CVE-2025-42706: Rated 6.5 (Medium) under CVSS v3.1, this flaw arises from a logic error in origin validation within the same Windows sensor component. A locally authenticated attacker could leverage the weakness to remove arbitrary files through improper verification paths, creating opportunities to disable sensor functionality or delete essential system resources.

These vulnerabilities pose a risk to enterprise environments where attackers already have local code execution capabilities. Successful exploitation could degrade endpoint visibility, disable protection mechanisms, or undermine system integrity.

RECOMMENDATION:

We strongly recommend updating CrowdStrike Falcon Sensor for Windows to version 7.28.20008 or later, 7.27.19909, 7.26.19813, 7.25.19707, 7.24.19608, or 7.16.18637 (for Windows 7 / 2008 R2) or later.
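One way to triage a sensor inventory against the fixed builds listed above (an added example, not code from CrowdStrike or from this advisory). It assumes that a higher build number within a listed release line also carries the fix; the hostnames, the inventory rows and the status labels are constructed for illustration.

```python
import csv
import io

# Fixed build per release line, copied from the RECOMMENDATION section.
FIXED_BUILDS = {
    (7, 28): 20008,
    (7, 27): 19909,
    (7, 26): 19813,
    (7, 25): 19707,
    (7, 24): 19608,
    (7, 16): 18637,  # Windows 7 / 2008 R2 line
}
LATEST_FIXED = (7, 28, 20008)  # "7.28.20008 or later"

def parse_version(text):
    """Return (major, minor, build); a trailing fourth field is ignored."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        raise ValueError(f"unparseable sensor version: {text!r}")
    return tuple(int(p) for p in parts[:3])

def classify(version_text):
    """Map a sensor version string to a remediation status."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"            # needs manual review
    if version >= LATEST_FIXED:
        return "fixed"
    fixed_build = FIXED_BUILDS.get(version[:2])
    if fixed_build is None:
        return "no-fix-in-branch"   # advisory lists no fix here: move to a fixed line
    # Assumption: later builds in the same release line include the fix.
    return "fixed" if version[2] >= fixed_build else "vulnerable"

# Constructed sample inventory (hostname, reported sensor version).
SAMPLE_INVENTORY = """\
host,sensor_version
ws-001,7.28.20008.0
ws-002,7.27.19907
srv-legacy,7.16.18637
ws-003,7.23.19508
ws-004,7.29.20108
ws-005,n/a
"""

def triage(inventory_csv):
    """Return {host: status} for every row of a CSV inventory export."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["sensor_version"]) for row in reader}
```

Hosts reported as `vulnerable`, `no-fix-in-branch` or `unknown` are the ones to schedule for the update or check by hand.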

REFERENCES:

The following reports contain further technical details:

https://securityonline.info/crowdstrike-releases-fixes-for-two-falcon-sensor-for-windows-vulnerabilities-cve-2025-42701-cve-2025-42706/
