CVE-2025-59497
Published 2025-10-14
CVE-2025-59497: Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally.
Priority P4 · 19 · medium · 4.7 CVSS 3.1
AV:L / AC:H / PR:L / UI:N / S:U / C:N / I:N / A:H
EPSS: 0.19% (8.6th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | defender_for_endpoint | < 101.25032.0010 | 101.25032.0010 |
| microsoft | microsoft_defender_for_endpoint_for_linux | >= 101.0.0 < 101.25032.0010 | 101.25032.0010 |
| msrc | microsoft_defender_for_endpoint_for_linux | — | — |
CVSS provenance
nvd · v3.1 · 4.7 · MEDIUM · CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
vendor_msrc · 7.0 · HIGH
Microsoft
Microsoft Defender for Linux Denial of Service Vulnerability
vendor_msrc·2025-10-14·CVSS 7.0
CVE-2025-59497 [HIGH] CWE-367 Microsoft Defender for Linux Denial of Service Vulnerability
Description: Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
Microsoft Defender for Linux: Microsoft Defender for Linux
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely
Remediation: Release Notes
Reference: https://learn.microsoft.com/en-us/defender-endpoint/linux-updates
Reference: https://learn.micro
GHSA
GHSA-rc6m-rg5w-wv73: Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally
ghsa_unreviewed·2025-10-14
CVE-2025-59497 [HIGH] CWE-367 GHSA-rc6m-rg5w-wv73: Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally
Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally.
No detection rules found.
No public exploits indexed.
Published: 2025-10-14