Critical Zero-Day in Elastic EDR: Signed Kernel Driver Can Be Weaponized for RCE

Sunday, 17 August

Sunday, 17 August, 2025

Critical Zero-Day in Elastic EDR: Signed Kernel Driver Can Be Weaponized for RCE

Ashes Cybersecurity disclosed a zero-day in Elastic’s kernel driver elastic-endpoint-driver.sys (CWE-476 NULL-pointer dereference) that lets attackers bypass EDR, achieve remote code execution, install a persistent malicious driver, and repeatedly trigger BSODs. The researcher produced a reliable PoC against version 8.17.6 and reported it via HackerOne and ZDI; no patch is available yet. Organisations should monitor kernels and apply mitigations promptly now.

Read full story at Cybersecurity News

Tags:cybersecurity code malicious

Categories

Critical Zero-Day in Elastic EDR: Signed Kernel Driver Can Be Weaponized for RCE

Also Read

Companies Adopt Hybrid Customer Service: AI for Speed, Humans for Complexity

Google, Amazon, Microsoft Urge U.S. Treasury to Preserve Clean Energy Subsidies

CoreWeave Insiders Sell Over $1 Billion in Shares After IPO Lock-Up Ends

Critical Zero-Day in Elastic EDR: Signed Kernel Driver Can Be Weaponized for RCE

CISA Issues New OT Cybersecurity Guide: Asset Inventory Framework

ERMAC 3.0 Android Banking Trojan Source Code Leaked

Tata Electronics in Talks with Merck for Exclusive Specialty-Chemical Supply

Fintechs See Unsecured Lending Rebound as Regulations Ease

Gemini’s H1 2025 Loss Widens to $282.5M on Falling Revenue in U.S. IPO Filing

Subscribe To Our Newsletter.