CrowdStrike Falcon Sensor Vulnerabilities Let Attackers Disrupt Windows Hosts 

Published on Oct 9, 2025
Written by Caitlin Harris

CrowdStrike has disclosed two medium-severity vulnerabilities in its Falcon Sensor for Windows, which could be used by attackers to delete files on affected systems.

The vulnerabilities, which are being tracked as CVE-2025-42701 and CVE-2025-42706, require a threat actor to have already established the ability to execute code on the host. Once they have gained that ability, attackers could exploit the vulnerabilities to delete arbitrary files, potentially causing significant stability or functionality issues within the Falcon sensor itself, other software installed on the affected system, and the operating system.

CrowdStrike was made aware of the vulnerabilities through its bug bounty program with HackerOne, where researcher Cong Cheng discovered and responsibly disclosed both issues to the company.

Following disclosure, CrowdStrike has released patches for both vulnerabilities, and has stated that there is no evidence that either issue has been exploited in the wild.

“Our threat hunting and intelligence teams are actively monitoring for exploitation and we maintain visibility into any such attempts,” the company says.

Remediation Guidance 

Organizations should upgrade Windows hosts running affected sensor versions (Falcon Sensor for Windows versions 7.28 and earlier) to a fixed version. Fixed versions include the latest Falcon Sensor for Windows version 7.29, hotfix releases for versions 7.24 through 7.28, and a 7.16 hotfix for hosts running Windows 7/2008 R2.

CrowdStrike has also provided customers with a query that can be used to identify impacted hosts within their environment. This query is available on GitHub.

CrowdStrike’s Falcon sensor for Mac, Falcon sensor for Linux, and Falcon sensor for Legacy Windows Systems are not impacted by these vulnerabilities.
