CVE-2025-26684
6.7
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: secure@microsoft.com (Secondary)
Description
External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
Affected (1)
Products: Microsoft: Defender For Endpoint
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 101.25032.0008 |
Related CWEs
CWE-610
Externally Controlled Reference to a Resource in Another Sphere
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
CWE-73
External Control of File Name or Path
The product allows user input to control or influence paths or file names that are used in filesystem operations.
References (1)
Source: secure@microsoft.com
Vendor Advisory
Timeline
No history available yet.