Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-47161 — Improper Access Control in Microsoft Defender FOR Endpoint FOR Linux

Severity

7.8HIGHNVD

EPSS

5.8%

top 9.47%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Timeline

PublishedMay 15

Latest updateJul 8

Description

Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

▶NVDmicrosoft/defender< 101.25022.0002

GHSA

GHSA-ww93-7rhp-2gf3: Microsoft Defender for Endpoint Elevation of Privilege Vulnerability↗2025-05-15

▶

Exploit-DB

Microsoft Defender for Endpoint (MDE) - Elevation of Privilege↗2025-07-08

▶

Microsoft

Microsoft Defender for Endpoint Elevation of Privilege Vulnerability↗2025-05-13

▶