CVE-2025-69784

Name of the Vulnerable Software and Affected Versions OpenEDR version 2.5.1.0

Description A local, non-privileged attacker can exploit a vulnerable IOCTL interface exposed by the OpenEDR kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause OpenEDR to load a malicious DLL into high-privilege processes. This results in arbitrary code execution with SYSTEM privileges, leading to a full system compromise. An IOCTL (Input/Output Control) interface allows applications to communicate with device drivers. In this case, the vulnerable IOCTL interface allows modification of the DLL injection path.

Recommendations Update to a newer version of OpenEDR that addresses this vulnerability.