There are two medium-severity vulnerabilities in the CrowdStrike Falcon sensor for Windows that the manufacturer has patched via an update. A discussion is currently raging because CrowdStrike refers to this as an "issue," while security researchers refer to it as "closing vulnerabilities."
CrowdStrike information about an "issue"
CrowdStrike has published a security advisory entitled Issues Affecting CrowdStrike Falcon Sensor for Windows on the matter. It states that "fixes for two issues" affecting the Falcon sensor for Windows have been released.
In both cases, an attacker would first need the ability to execute code on the host. They could then use the "two problems" to delete arbitrary files.
- CVE-2025-42701: A time-of-check time-of-use (TOCTOU) race condition in Falcon Sensor for Windows that could allow an attacker who has previously been able to execute code on a host to delete arbitrary files. CVSS 3.1 score: 5.6 (Medium)
- CVE-2025-42706: A logic error in Falcon Sensor for Windows that could allow an attacker who has previously been able to execute code on a host to delete arbitrary files. CVSS 3.1 score: 6.5 (Medium)
CrowdStrike has released fixes for these two vulnerabilities, which it has classified as "problems." The fixes only affect the Falcon sensor for Windows; the sensors for Linux and macOS are not affected.
The fixes for both issues are included in the latest version, 7.29, of the Falcon sensor for Windows, in hotfix releases for versions 7.24 to 7.28, and in a 7.16 hotfix for hosts running Windows 7/2008 R2. The hotfix for version 7.24 is also an update for the current Long-Term Visibility (LTV) sensor for Windows IoT.
There are no signs that "these issues" are being exploited in practice, CrowdStrike writes. Their threat detection and analysis teams are actively monitoring whether these "issues" are being exploited, according to the security advisory.
Controversy over "issues versus vulnerabilities"
The wording "issues" chosen by CrowdStrike in the security advisory immediately sparked controversy.
Security expert Kevin Beaumont points out in the above tweet that CrowdStrike's description of a "problem" is simply sugarcoating. Security vulnerabilities have been found in the Falcon sensors, and they should be referred to as such.



