Summary: CrowdStrike has disclosed a vulnerability (CVE-2025-1146) affecting its Falcon Sensor for Linux, Kubernetes Admission Controller, and Container Sensor due to improper TLS certificate validation. This flaw could expose systems to man-in-the-middle attacks, necessitating prompt patching to secure enterprise environments. Although no exploitation is reported, the vulnerability is rated high severity (CVSS 8.1), impacting versions prior to 7.21, and CrowdStrike has released patches and hotfixes to mitigate the risk.
Affected: CrowdStrike’s Falcon Sensor for Linux, Kubernetes Admission Controller, and Falcon Container Sensor
Keypoints:
- Vulnerability arises from improper validation of TLS server certificates.
- Impacted versions include Falcon Sensor (before 7.21.17405), Kubernetes Admission Controller (before 7.21.1904), and Container Sensor (before 7.21.6003).
- CrowdStrike has released patches for all affected versions and recommends immediate upgrades or hotfixes.
- The vulnerability shows how much rides on correct TLS certificate validation: without it, an attacker positioned on the network path can impersonate the server the sensor connects to, so affected organizations should treat remediation as urgent.
Source: https://gbhackers.com/critical-vulnerability-in-falcon-sensor/
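The key point above is the class of defect, improper validation of the TLS server certificate, rather than any specific code path, and the advisory does not publish CrowdStrike's code. The following is an added example, written for this summary and not taken from CrowdStrike or the linked articles, that shows the weak client setting beside the correct one using only the Go standard library. It assumes nothing about the sensor's internals: an `httptest` server with a self-signed certificate stands in for a server presenting a certificate the client has no reason to trust, and the three client configurations, the function names, and the response body are all constructed for the demonstration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// Outcome records how three differently configured TLS clients treat a server
// whose certificate is signed by an authority the client does not trust.
type Outcome struct {
	InsecureAccepted  bool   // client with certificate verification disabled
	VerifyingAccepted bool   // client verifying against a store lacking the issuer
	VerifyingErr      string // the error that verifying client returned
	UnknownAuthority  bool   // whether that error is x509.UnknownAuthorityError
	PinnedAccepted    bool   // client trusting exactly the expected certificate
}

// fetch performs one GET with the given client TLS settings and returns the body.
// A nil error means the handshake, including certificate validation, succeeded.
func fetch(url string, cfg *tls.Config) (string, error) {
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
	resp, err := client.Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

// insecureConfig is the weak setting, shown only for contrast: InsecureSkipVerify
// disables both chain building and hostname checking, so any certificate,
// including one presented by an on-path attacker, is accepted.
func insecureConfig() *tls.Config {
	return &tls.Config{InsecureSkipVerify: true} // deliberately weak
}

// verifiedConfig keeps Go's normal validation (chain to a trusted root plus
// hostname check) against the supplied pool. A client that always talks to a
// fixed backend should pin its trust to that backend's CA rather than accept
// whatever the network offers.
func verifiedConfig(roots *x509.CertPool) *tls.Config {
	return &tls.Config{RootCAs: roots, MinVersion: tls.VersionTLS12}
}

// Demonstrate starts a local HTTPS server (httptest generates a self-signed
// certificate that no trust store contains, standing in for a forged one) and
// runs the three clients against it.
func Demonstrate() Outcome {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, "constructed response body")
	}))
	defer srv.Close()

	var out Outcome

	// 1. Verification disabled: the unknown certificate is accepted silently.
	_, err := fetch(srv.URL, insecureConfig())
	out.InsecureAccepted = err == nil

	// 2. Verification enabled against an empty trust store (a store that does
	//    not contain the presented certificate's issuer): the handshake fails
	//    with an unknown-authority error, which is the behaviour a client must have.
	_, err = fetch(srv.URL, verifiedConfig(x509.NewCertPool()))
	out.VerifyingAccepted = err == nil
	if err != nil {
		out.VerifyingErr = err.Error()
		var ua x509.UnknownAuthorityError
		out.UnknownAuthority = errors.As(err, &ua)
	}

	// 3. Verification enabled against the anchor we actually expect: accepted.
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	_, err = fetch(srv.URL, verifiedConfig(pool))
	out.PinnedAccepted = err == nil

	return out
}

func main() {
	o := Demonstrate()
	fmt.Printf("verification disabled, unknown cert accepted: %v\n", o.InsecureAccepted)
	fmt.Printf("verifying client accepted:                     %v (%s)\n", o.VerifyingAccepted, o.VerifyingErr)
	fmt.Printf("pinned trust anchor accepted:                  %v\n", o.PinnedAccepted)
}
```

The middle case is the one a reviewer looks for: a client that reaches the server body when the certificate chains to nothing it trusts is the defect class in this advisory, and the fix is not to weaken the check but to supply the correct trust anchor, as the third case does. When auditing a sensor or agent, grepping for `InsecureSkipVerify: true` (or the equivalent `CERT_NONE`, `verify=False`, `--insecure` settings in other stacks) is a quick first pass.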
Correction Notice (February 14, 2024)
This article has been updated to correct the severity rating of CVE-2025-1146. The vulnerability was initially described as "critical," but its CVSS score is 8.1 (HIGH). The article has been revised to reflect this correction. Additionally, the original phrasing regarding affected versions has been clarified to specify that only versions prior to 7.21 are impacted. Thanks to CrowdStrike and Kekst CNC for bringing this to our attention.
https://www.crowdstrike.com/security-advisories/cve-2025-1146/
https://nvd.nist.gov/vuln/detail/CVE-2025-1146