FireEye EDR Vulnerability Allows Attackers to Execute Unauthorized Code


A critical vulnerability (CVE-2025-0618) in FireEye’s Endpoint Detection and Response (EDR) agent has been disclosed, enabling attackers to execute unauthorized code and trigger persistent denial-of-service (DoS) conditions.

The flaw, rated high severity, impacts tamper protection mechanisms in FireEye’s HX service and could disrupt critical security operations indefinitely.

Vulnerability Details

The issue stems from improper handling of tamper protection events by the FireEye EDR agent. Attackers can exploit this by sending a specially crafted event to the HX service, triggering an unhandled exception.

This exception not only halts further processing of tamper protection alerts but also persists across system reboots, effectively disabling a core defense feature.

  • CVE ID: CVE-2025-0618 (CVSS score pending)
  • Attack Vector: Remote code execution via malicious event injection.
  • Impact:
    • Persistent DoS, rendering tamper protection non-functional.
    • Potential lateral movement by abusing the security gap.
  • Discovery: Reported by Trellix’s Product Security Incident Response Team (PSIRT).

Affected Software ...


Copyright of this story solely belongs to gbhackers.