Vulnerabilities Affecting CrowdStrike Falcon Sensor for Windows

Summary

We have released fixes for two issues affecting the Falcon sensor for Windows. Both of these issues require an adversary to have previously established the ability to execute code on the host, and could allow them to delete arbitrary files. The fixes for both issues are in the latest Falcon sensor for Windows version 7.29, in hotfix releases for versions 7.24 through 7.28, and in a 7.16 hotfix for hosts running Windows 7/2008 R2. The version 7.24 hotfix will also be an update for the current Long-Term Visibility (LTV) Sensor for Windows IoT.
 

There is no indication of exploitation of these issues in the wild. Our threat hunting and intelligence teams are actively monitoring for exploitation and we maintain visibility into any such attempts.
 

We are disclosing these issues and fixes concurrently, in line with industry best practices for coordinated vulnerability disclosure to ensure our customers remain protected.

Impact

Exploiting these issues to delete files could potentially lead to stability or functionality issues with the CrowdStrike Falcon Windows sensor, or other software on the system including the operating system.
 

The Falcon sensor for Mac, the Falcon sensor for Linux and the Falcon sensor for Legacy Windows Systems are not impacted.

Technical Overview

A logic error exists in the Falcon sensor for Windows that could allow an attacker, with the prior ability to execute code on a host, to delete arbitrary files. CrowdStrike released a security fix for this issue in Falcon sensor for Windows versions 7.24 and above and all Long-Term Visibility (LTV) sensors. These issues were identified through our longstanding Bug Bounty program and as part of our comprehensive security posture.

Affected Versions

Falcon sensor for Windows versions 7.28 and earlier are affected.

Affected Falcon sensor for Windows versions

  • 7.28.20006

  • 7.27.19907

  • 7.26.19811

  • 7.26.19809

  • 7.25.19706

  • 7.24.19607 and earlier

  • 7.16.18635 and earlier 7.16 builds (WIN7/2008 R2 only)

Patched Falcon sensor for Windows versions

  • 7.28.20008 and later

  • 7.27.19909

  • 7.26.19813

  • 7.25.19707

  • 7.24.19608

  • 7.16.18637 (WIN7/2008 R2 only)

Severity


CrowdStrike has scored CVE-2025-42701, the Falcon Sensor for Windows Race Condition, a 5.6 (MEDIUM) per the Common Vulnerability Scoring System Version 3.1 (CVSS).

CrowdStrike has scored CVE-2025-42706, the Falcon Sensor for Windows Logic Error, a 6.5 (MEDIUM) per the Common Vulnerability Scoring System Version 3.1 (CVSS).

Weakness Type and Impact

  • CVE-2025-42701 - CrowdStrike Falcon Sensor for Windows Race Condition

    • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

    • CAPEC-27: Leveraging Race Conditions via Symbolic Links

  • CVE-2025-42706 - CrowdStrike Falcon Sensor for Windows Logic Error

    • CWE-346: Origin Validation Error

    • CAPEC-473: Signature Spoof

Exploitation status

CrowdStrike has no indication of any exploitation of these issues in the wild.

CrowdStrike is actively monitoring for signs of abuse or usage of this flaw.

Performance impact

No direct or indirect impact to sensor performance is expected, nor was any seen in our testing.

Remediation


Customers should upgrade Windows hosts running impacted sensor versions to a fixed version.
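
One way to apply this across a host inventory, as an added example that is not CrowdStrike's code: it compares each reported sensor version with the fixed build for its release branch, taken from the patched-versions list above. The inventory rows, hostnames, the `legacy_os` flag, the tolerated fourth version component and the 7.29/7.23 sample builds are assumptions constructed for illustration.

```python
import re

# Fixed build per release branch, from the advisory's patched-versions list.
FIXED_BUILD = {(7, 28): 20008, (7, 27): 19909, (7, 26): 19813,
               (7, 25): 19707, (7, 24): 19608}
LEGACY_BRANCH, LEGACY_FIXED_BUILD = (7, 16), 18637  # Windows 7/2008 R2 only
FIRST_FIXED_BRANCH = (7, 29)  # the advisory states 7.29 carries both fixes

# Assumption: versions look like major.minor.build, optionally with a 4th part.
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.\d+)?$")

def needs_upgrade(version, legacy_os=False):
    """True if the version is older than the fixed build for its branch."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised sensor version: {version!r}")
    major, minor, build = (int(g) for g in m.groups())
    branch = (major, minor)
    if branch >= FIRST_FIXED_BRANCH:
        return False
    if branch in FIXED_BUILD:
        return build < FIXED_BUILD[branch]
    # Assumption: the 7.16 hotfix only counts on hosts flagged as Win7/2008 R2.
    if branch == LEGACY_BRANCH and legacy_os:
        return build < LEGACY_FIXED_BUILD
    return True  # no fixed build is listed for any other branch below 7.29

def triage(inventory):
    """Return hostnames to upgrade from (hostname, version, legacy_os) rows."""
    flagged = []
    for host, version, legacy_os in inventory:
        try:
            if needs_upgrade(version, legacy_os):
                flagged.append(host)
        except ValueError:
            flagged.append(host)  # unparseable version: review by hand
    return flagged

# Constructed inventory: hostnames and the 7.29/7.23 builds are made up.
SAMPLE = [
    ("ws-001", "7.28.20006", False), ("ws-002", "7.28.20008", False),
    ("ws-003", "7.26.19811.0", False), ("ws-004", "7.29.0", False),
    ("srv-2008a", "7.16.18637", True), ("srv-2008b", "7.16.18635", True),
    ("ws-005", "7.23.0", False), ("ws-006", "unknown", False),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Hosts whose version string cannot be parsed are flagged rather than skipped, so a malformed inventory row never hides an unpatched sensor.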

Additional Questions


If you have additional questions, please reach out to your Technical Account Manager, Sales Engineer, Account Manager, or CrowdStrike Support.
