Sunday, May 25, 2025

Crowdstrike Falcon Sensor for Linux Vulnerability Allows MiTM Attack


CrowdStrike has disclosed a vulnerability (CVE-2025-1146) in its Falcon Sensor for Linux, its Falcon Kubernetes Admission Controller, and its Falcon Container Sensor.

This flaw stems from a validation logic error in the handling of TLS (Transport Layer Security) connections, potentially exposing affected systems to man-in-the-middle (MiTM) attacks.

The vulnerability underscores the importance of prompt patching to maintain security in enterprise environments.


The Vulnerability

The issue arises from improper validation of server certificates during TLS connections between the Falcon sensor and the CrowdStrike cloud.

This gives an attacker positioned on the network path between the sensor and the CrowdStrike cloud the opportunity to intercept and manipulate sensitive data in transit.

While no evidence of exploitation in the wild has been detected, CrowdStrike has rated the flaw as high severity, with a CVSS score of 3.1.

The vulnerability affects versions of the Falcon sensor for Linux, Kubernetes Admission Controller, and Container Sensor before 7.21.

Impacted Systems and Technical Details

Falcon Sensor versions prior to 7.21 are affected. The vulnerability is classified under CWE-296 (Improper Following of a Certificate’s Chain of Trust) and CAPEC-94 (Adversary-in-the-Middle).
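To make the server-certificate validation point concrete (the improper validation described above and the CWE-296 classification), here is an added Go example that is not CrowdStrike's code and does not reproduce the sensor's actual defect. It mints a constructed root CA and leaf certificates in memory, then contrasts a client check that follows the chain to a trusted root and confirms the host name with a weak check (an assumed model of the flaw class) that only looks at validity dates and the name, which is exactly what lets an on-path attacker's self-minted certificate through.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"errors"
	"math/big"
	"time"
)

// issue mints a constructed test certificate for name. With parent == nil it is
// self-signed (a root CA, or an attacker's stand-alone leaf); otherwise parent signs it.
func issue(name string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		DNSNames:              []string{name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	signer, signerKey := tmpl, key
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// strictVerify is what the client must do: follow the chain to a trusted root
// and confirm the certificate is for the host it meant to reach.
func strictVerify(leaf *x509.Certificate, roots *x509.CertPool, name string) error {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: name})
	return err
}

// weakVerify models the CWE-296 flaw class (an assumption, not CrowdStrike's code):
// dates and name are checked, but the chain is never followed to a trusted root.
func weakVerify(leaf *x509.Certificate, name string) error {
	if t := time.Now(); t.Before(leaf.NotBefore) || t.After(leaf.NotAfter) {
		return errors.New("certificate expired or not yet valid")
	}
	return leaf.VerifyHostname(name)
}
```

The host name sensor-cloud.example used when exercising this is a constructed placeholder, not a real CrowdStrike endpoint.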

Systems running outdated builds are considered at risk and require immediate remediation.

CrowdStrike identified the vulnerability during an internal review and has since released patches to address the flaw in impacted versions. Updated versions starting from 7.21 resolve the certificate validation issue.

The company has provided hotfixes for both supported and legacy versions, though it strongly recommends upgrading to the latest supported build for long-term security.

No performance degradation is expected or observed with these patches. Additionally, CrowdStrike’s threat intelligence and hunting teams are rigorously monitoring for any signs of exploitation related to this issue.

To mitigate the risk, CrowdStrike advises all affected organizations to:

  1. Upgrade Sensors: Update Linux hosts, Kubernetes admission controllers, and container sensors to fixed versions or apply hotfixes promptly.
  2. Replace Outdated Binaries: Ensure any deployment packages or orchestration tools are using the updated versions to prevent new installations with vulnerabilities.
  3. Monitor for Detection: CrowdStrike Falcon Exposure Management has activated detections to help identify affected hosts and guide organizations toward remediation.

This vulnerability highlights the risks associated with TLS connection handling in critical infrastructure.

Organizations leveraging CrowdStrike’s Falcon products for Linux environments should act urgently to apply the recommended updates and maintain robust security postures.


Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
