CVE-2025-26684 — External Control of File Name or Path in Microsoft Defender FOR Endpoint FOR Linux

CWE-73 — External Control of File Name or Path CWE-610 — Externally Controlled Reference to a Resource in Another Sphere4 documents4 sources

Severity

6.7MEDIUMNVD

EPSS

0.9%

top 24.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Defender FOR Endpoint FOR Linux Microsoft Defender FOR Endpoint Msrc Microsoft Defender FOR Endpoint FOR Linux

Timeline

PublishedMay 13

Description

External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5microsoft/microsoft_defender_for_endpoint_for_linux101.0.0 — 101.25032.0010

▶msrcmsrc/microsoft_defender_for_endpoint_for_linux

▶NVDmicrosoft/defender< 101.25032.0008

🔴Vulnerability Details

GHSA

GHSA-xrjq-mmx8-72h6: External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally↗2025-05-13

▶

📋Vendor Advisories

Microsoft

Microsoft Defender Elevation of Privilege Vulnerability↗2025-05-13

▶

🕵️Threat Intelligence

Bleepingcomputer

Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws↗2025-05-13

▶