CVE-2025-59497 — Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft Defender FOR Endpoint FOR Linux

CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition4 documents4 sources

Severity

4.7MEDIUMNVD

EPSS

0.0%

top 92.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Defender FOR Endpoint FOR Linux Microsoft Defender FOR Endpoint Msrc Microsoft Defender FOR Endpoint FOR Linux

Timeline

PublishedOct 14

Description

Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5microsoft/microsoft_defender_for_endpoint_for_linux101.0.0 — 101.25032.0010

▶msrcmsrc/microsoft_defender_for_endpoint_for_linux

▶NVDmicrosoft/defender< 101.25032.0010

🔴Vulnerability Details

GHSA

GHSA-rc6m-rg5w-wv73: Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally↗2025-10-14

▶

📋Vendor Advisories

Microsoft

Microsoft Defender for Linux Denial of Service Vulnerability↗2025-10-14

▶

🕵️Threat Intelligence

Bleepingcomputer

Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws↗2025-10-14

▶