Elastic disclosed a high-severity vulnerability (CVE-2025-37735) in its Defend security software for Windows that could let attackers escalate privileges to gain admin control. The flaw affects versions up to 8.19.5 and 9.0.0 through 9.1.5, scoring 7.0 on the CVSS scale.
The bug stems from improper file permission handling in the Defend service, which runs with SYSTEM-level privileges. Attackers with local access could exploit this to delete arbitrary files and potentially gain full system control.
Elastic urges immediate upgrades to fixed versions 8.19.6, 9.1.6, or 9.2.0. Organizations unable to patch immediately should consider upgrading to Windows 11 24H2, which makes exploitation much harder.
Source: Cybersecurity News
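For triaging a fleet against the version ranges given above, the following is an added example, not code from Elastic or the source article. The CSV column names (`host`, `defend_version`) and the sample rows are constructed, and the script assumes "up to 8.19.5" covers every release at or below 8.19.5.

```python
import csv
import io
import re

# Version boundaries as stated in the summary above.
FIXED_8X = (8, 19, 6)
AFFECTED_9X_FIRST = (9, 0, 0)
FIXED_9_1 = (9, 1, 6)
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Return (major, minor, patch), ignoring suffixes like '-SNAPSHOT'; None if unparseable."""
    m = _VERSION_RE.match(text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def triage(version_text):
    """Return (status, upgrade_target) for one reported Defend version."""
    v = parse_version(version_text)
    if v is None:
        return ("unknown", None)  # never treat an unreadable version as safe
    # Assumption: "up to 8.19.5" means every release at or below 8.19.5.
    if v < FIXED_8X:
        return ("affected", "8.19.6")
    if AFFECTED_9X_FIRST <= v < FIXED_9_1:
        return ("affected", "9.1.6 or 9.2.0")
    return ("fixed", None)

# Constructed sample inventory (hypothetical hosts and column names), not real data.
SAMPLE_INVENTORY = """\
host,defend_version
ws-001,8.19.5
ws-002,8.19.6
ws-003,9.0.0
ws-004,9.1.5
ws-005,9.1.6
ws-006,9.2.0
ws-007,
ws-008,8.17.3-SNAPSHOT
"""

def triage_inventory(csv_text):
    report = {"affected": [], "fixed": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        status, target = triage(row.get("defend_version"))
        report[status].append((row["host"], target))
    return report

if __name__ == "__main__":
    print(triage_inventory(SAMPLE_INVENTORY))
```

Hosts that land in `unknown` need manual follow-up rather than being counted as patched.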