OpenEDR 2.5.1.0 Driver Allows Local Privilege Escalation

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

OpenEDR 2.5.1.0 Driver Allows Local Privilege Escalation

CVE-2025-69784

Summary

A security flaw in the OpenEDR 2.5.1.0 kernel driver lets an unauthorized user, with normal user privileges, take control of the entire computer. This can happen if an attacker tricks the system into loading a malicious program into a critical part of the system. To protect your system, update the OpenEDR driver to the latest version.

Original title

Original description

A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause OpenEDR to load an attacker-controlled DLL into high-privilege processes. This results in arbitrary code execution with SYSTEM privileges, leading to full compromise of the affected system.

Published: 16 Mar 2026 · Updated: 16 Mar 2026 · First seen: 16 Mar 2026