PT-2026-25767 · Xcitium · Openedr

Published 2026-03-16 · Updated 2026-03-17 · CVE-2025-69783

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OpenEDR version 2.5.1.0

Description

A local attacker can circumvent the self-defense mechanism in OpenEDR by renaming a malicious executable to match a trusted process name, such as csrss.exe, edrsvc.exe, or edrcon.exe. This allows unauthorized interaction with the OpenEDR kernel driver, granting access to privileged functionality including configuration changes, process monitoring, and IOCTL communication. While this issue does not directly grant SYSTEM privileges, it compromises OpenEDR’s trust model and enables further exploitation leading to local privilege escalation.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
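
While no fixed version is available, defenders can watch for the condition the Description names: a protected process name running from an unexpected location. The following detection sketch is an added example, not OpenEDR or Xcitium code; the `EDR_DIR` install path, the event field names and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Process names the advisory lists as trusted by the self-defense check.
PROTECTED = ("csrss.exe", "edrsvc.exe", "edrcon.exe")

# Assumption: placeholder install directory for the EDR binaries; set per deployment.
EDR_DIR = r"C:\Program Files\Example-EDR"

# Expected full image path for each protected name (csrss.exe uses the standard
# Windows location; the EDR paths derive from the assumed EDR_DIR above).
EXPECTED = {
    "csrss.exe": r"C:\Windows\System32\csrss.exe",
    "edrsvc.exe": EDR_DIR + r"\edrsvc.exe",
    "edrcon.exe": EDR_DIR + r"\edrcon.exe",
}

def normalize(path):
    """Collapse '..' and mixed separators, then lower-case for comparison."""
    return ntpath.normpath(path).lower()

def name_only_trusted(image_path):
    """Model of the weak decision in the Description: trust by file name alone."""
    return ntpath.basename(normalize(image_path)) in PROTECTED

def is_masquerade(image_path):
    """True when a protected name runs from anywhere but its expected full path."""
    norm = normalize(image_path)
    name = ntpath.basename(norm)
    return name in EXPECTED and norm != normalize(EXPECTED[name])

def find_masquerades(events):
    """Return the process-creation events that should raise an alert."""
    return [e for e in events if is_masquerade(e["image"])]

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"pid": 612, "image": r"C:\Windows\System32\csrss.exe"},
    {"pid": 4120, "image": r"C:\Users\alice\Downloads\csrss.exe"},
    {"pid": 2208, "image": r"c:\program files\example-edr\EDRSVC.EXE"},
    {"pid": 5544, "image": r"C:\Temp\EdrCon.exe"},
    {"pid": 6010, "image": r"C:\Windows\System32\..\Temp\csrss.exe"},
    {"pid": 7001, "image": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    for e in find_masquerades(SAMPLE_EVENTS):
        print("ALERT pid=%d image=%s" % (e["pid"], e["image"]))
```

A path match is only a triage signal; pairing it with signer or hash verification of the image gives a stronger identity check than either name or path alone.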

Exploit

LPE

Weakness Enumeration

Related Identifiers: CVE-2025-69783

Affected Products: Openedr