CVE-2025-1146

Name of the Vulnerable Software and Affected Versions Falcon Sensor for Linux versions prior to 7.06 Falcon Kubernetes Admission Controller versions prior to 7.06 Falcon Container Sensor versions prior to 7.06

Description The issue is related to a validation logic error in the TLS connection routine to the CrowdStrike cloud, which could allow an attacker to conduct a man-in-the-middle (MiTM) attack. The error is in the Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor. CrowdStrike has no indication of any exploitation of this issue in the wild and has leveraged its threat hunting and intelligence capabilities to actively monitor for signs of abuse or usage of this flaw.

Recommendations For Falcon Sensor for Linux versions prior to 7.06, update to version 7.06 or above. For Falcon Kubernetes Admission Controller versions prior to 7.06, update to version 7.06 or above. For Falcon Container Sensor versions prior to 7.06, update to version 7.06 or above. As a temporary workaround, consider restricting access to the TLS connection routine to minimize the risk of exploitation.