October 9, 2025
Severity
Medium
Analysis Summary
CrowdStrike Falcon Sensor for Windows has received fixes for two medium-severity vulnerabilities, CVE-2025-42701 and CVE-2025-42706, that could allow an attacker with prior code execution on a host to delete arbitrary files. While there is no evidence of exploitation in the wild, CrowdStrike’s intelligence teams are actively monitoring for any malicious activity.
The flaws have been addressed in Falcon sensor for Windows version 7.29, in hotfix releases for versions 7.24–7.28, and in version 7.16 for Windows 7/2008 R2 systems. These updates also apply to the Long-Term Visibility (LTV) sensor for Windows IoT.
Exploitation could result in stability or functionality issues with the Falcon sensor or other system software, including the OS. Mac, Linux, and legacy Windows Falcon sensors are not affected.
The vulnerabilities were discovered through CrowdStrike’s Bug Bounty program.
- CVE-2025-42701: TOCTOU race condition, CAPEC-27. CVSS score: 5.6 (Medium).
- CVE-2025-42706: Origin Validation Error, CAPEC-473. CVSS score: 6.5 (Medium).
Affected versions:
- Falcon sensor for Windows 7.28.20006 and earlier, including 7.27.19907, 7.26.19811, 7.25.19706, 7.24.19607 and earlier, and 7.16.18635 (Windows 7/2008 R2).
Patched versions:
- 7.28.20008 and later, 7.27.19909, 7.26.19813, 7.25.19707, 7.24.19608, and 7.16.18637.
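The version lists above can be applied to a host inventory. The following Python is an added example, not CrowdStrike's code or part of the original advisory: it classifies Falcon sensor versions against the patched builds listed here. The hostnames, the inventory format (host mapped to a `major.minor.build` string) and the 7.29 build number are constructed assumptions.

```python
# Patched build per release branch, from the advisory's "Patched versions" list.
PATCHED_BUILD = {
    (7, 28): 20008,
    (7, 27): 19909,
    (7, 26): 19813,
    (7, 25): 19707,
    (7, 24): 19608,
    (7, 16): 18637,  # Windows 7 / 2008 R2 branch
}
FIXED_BRANCH = (7, 29)  # 7.29 and later carry the fix


def parse_version(text):
    """Split 'major.minor.build' into ((major, minor), build); reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised sensor version: {text!r}")
    major, minor, build = (int(p) for p in parts)
    return (major, minor), build


def classify(version):
    """Return 'patched', 'hotfix-needed' or 'upgrade-needed' for one sensor version."""
    branch, build = parse_version(version)
    if branch >= FIXED_BRANCH:
        return "patched"
    if branch in PATCHED_BUILD:
        return "patched" if build >= PATCHED_BUILD[branch] else "hotfix-needed"
    # No hotfix is listed for this branch (for example 7.20): move to a fixed release.
    return "upgrade-needed"


def triage(inventory):
    """Map each host to a status; unparseable versions are flagged, never skipped."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unknown-version"
    return report


# Constructed sample inventory: hostnames and the 7.29 build number are made up.
SAMPLE_INVENTORY = {"ws-001": "7.29.20100", "ws-002": "7.28.20006",
                    "ws-003": "7.27.19909", "legacy-01": "7.16.18635",
                    "ws-004": "7.20.19000", "ws-005": "not reported"}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:10} {SAMPLE_INVENTORY[host]:14} {status}")
```
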
CrowdStrike reports no performance degradation from applying the fixes. The company followed coordinated vulnerability disclosure best practices, releasing patches and details simultaneously to protect customers.
Security teams are advised to update Falcon sensors to the latest versions to prevent potential abuse.
Impact
- Code Execution
- File Deletion
Indicators of Compromise
CVE
CVE-2025-42701
CVE-2025-42706
Remediation
- Upgrade Falcon sensor for Windows to version 7.29 or later to apply the security fixes.
- Apply hotfixes for versions 7.24 through 7.28 to address the vulnerabilities.
- Install the 7.16 hotfix for hosts running Windows 7/2008 R2 to mitigate the issue.
- Ensure all Long-Term Visibility (LTV) sensors are updated to the latest patched versions.
- Monitor systems for unusual file deletion activity to detect potential exploitation attempts.
- Maintain regular patch management processes to reduce exposure to known vulnerabilities.
- Review endpoint security configurations to ensure proper access control and least privilege.