CVE-2020-25502

HIGH

Cybereason Endpoint Detection And Response - Uncontrolled Search Path

Title source: rule

Description

Cybereason EDR version 19.1.282 and above, 19.2.182 and above, 20.1.343 and above, and 20.2.X and above has a DLL hijacking vulnerability, which could allow a local attacker to execute code with elevated privileges.

References (3)

[Vendor Advisory] http://cybereason.com

[Not Applicable] http://endpoint.com

[Vendor Advisory] https://www.cybereason.com/cybereason-vulnerability-disclosure

Scores

CVSS v3 7.8

EPSS 0.0019

EPSS Percentile 41.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (2)

cybereason/endpoint_detection_and_response < 19.1.282

cybereason/endpoint_detection_and_response

Timeline

Published Jan 20, 2023

Tracked Since Feb 18, 2026