CrowdStrike has released security updates to address two vulnerabilities in its Falcon Sensor for Windows, identified as CVE-2025-42701 and CVE-2025-42706. While both flaws require prior local code execution, they could allow attackers to delete arbitrary files, potentially impacting system stability and security monitoring capabilities.
The vulnerabilities were discovered internally through CrowdStrike’s Bug Bounty program and form part of the company’s proactive security posture. There is currently no evidence of exploitation in the wild, and CrowdStrike emphasized that it is actively monitoring for any attempts to abuse these flaws.
The advisory highlights that the vulnerabilities stem from two different flaws — a race condition and a logic error — both within the Windows version of the Falcon Sensor.
The first issue, CVE-2025-42701, is described as a race condition that could permit deletion of arbitrary files under specific conditions. The second, CVE-2025-42706, results from a logic error in the Falcon Sensor’s handling of file operations, also enabling potential file deletion.
CrowdStrike notes, “A logic error exists in the Falcon sensor for Windows that could allow an attacker, with the prior ability to execute code on a host, to delete arbitrary files.”
While the flaws do not directly allow remote code execution, they could be exploited to destabilize system functionality or disable security mechanisms, indirectly aiding further compromise.
The company warns, “Exploiting these issues to delete files could potentially lead to stability or functionality issues with the CrowdStrike Falcon Windows sensor, or other software on the system including the operating system.”
Importantly, Falcon sensors for macOS, Linux, and Legacy Windows systems are not affected by these vulnerabilities.
CrowdStrike identified that Falcon Sensor for Windows versions 7.28 and earlier are vulnerable. The company has made fixes available across a wide range of builds, including hotfixes for versions 7.24 through 7.28 and an additional update for version 7.16 supporting older Windows systems such as Windows 7 and Windows Server 2008 R2.
The patched versions include:
- 7.28.20008 and later
- 7.27.19909
- 7.26.19813
- 7.25.19707
- 7.24.19608
- 7.16.18637 (Windows 7 / 2008 R2 only)
CrowdStrike also confirmed that the 7.24 hotfix will serve as an update for the Long-Term Visibility (LTV) Sensor for Windows IoT environments.
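As an added example (not CrowdStrike's code and not part of the advisory), this Python script checks Falcon for Windows sensor versions from an inventory export against the patched builds listed above. The hostnames and version strings are constructed, and the `legacy_os` flag and status strings are this example's own. It assumes a later build within a listed branch also carries the fix and that only the first three version components matter.

```python
# Added example: classify Falcon for Windows sensor versions against the
# patched builds listed in this article. Inventory rows are constructed.
PATCHED = {  # (major, minor) -> first fixed build, taken from the list above
    (7, 28): 20008, (7, 27): 19909, (7, 26): 19813,
    (7, 25): 19707, (7, 24): 19608, (7, 16): 18637,
}
LAST_AFFECTED = (7, 28)  # "versions 7.28 and earlier are vulnerable"

def parse(version):
    """Return (major, minor, build); further components are ignored (assumption)."""
    parts = version.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        raise ValueError(f"unrecognised sensor version: {version!r}")
    return tuple(int(p) for p in parts[:3])

def classify(version, legacy_os=False):
    """legacy_os (hypothetical flag): host runs Windows 7 / Server 2008 R2."""
    major, minor, build = parse(version)
    branch = (major, minor)
    if branch > LAST_AFFECTED:
        return "not-affected"
    fixed = PATCHED.get(branch)
    if fixed is None:  # affected branch with no hotfix listed: move to a fixed branch
        return "vulnerable-no-hotfix-for-branch"
    if branch == (7, 16) and not legacy_os:  # 7.16 fix is listed for Win7/2008 R2 only
        return "review-7.16-on-modern-os"
    return "patched" if build >= fixed else "vulnerable-hotfix-available"

INVENTORY = [  # constructed rows: (hostname, sensor version, legacy_os)
    ("ws-001", "7.28.20008", False),
    ("ws-002", "7.27.19900", False),
    ("ws-003", "7.20.19000", False),
    ("ws-004", "7.16.18637", True),
    ("ws-005", "7.29.20100.0", False),
]

def needs_action(inventory):
    """Map hostname -> status for every host still exposed."""
    result = {}
    for host, version, legacy in inventory:
        status = classify(version, legacy)
        if status.startswith("vulnerable"):
            result[host] = status
    return result

if __name__ == "__main__":
    for host, version, legacy in INVENTORY:
        print(f"{host:8} {version:14} {classify(version, legacy)}")
```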