cbcvebase.
CVE-2025-26684
published 2025-05-13

CVE-2025-26684: External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

PriorityP431medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
EPSS
0.36%
28.4th percentile
External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

Affected

3 ranges
VendorProductVersion rangeFixed in
microsoftdefender_for_endpoint< 101.25032.0008101.25032.0008
microsoftmicrosoft_defender_for_endpoint_for_linux>= 101.0.0 < 101.25032.0010101.25032.0010
msrcmicrosoft_defender_for_endpoint_for_linux

CVSS provenance

nvdv3.16.7MEDIUMCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vendor_msrc6.7MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.