
Elastic Defend EDR remote code execution claims rejected by vendor

📰 1 unique source, 1 article

Summary


Elastic has rejected claims of a zero-day remote code execution (RCE) flaw in its Defend endpoint detection and response (EDR) product. AshES Cybersecurity alleged that a NULL pointer dereference flaw in the Defend kernel driver could bypass EDR protections, enable RCE, and establish persistence. Elastic's investigation found no evidence supporting these claims. The researcher did not share full details or a proof-of-concept with Elastic, instead publishing videos and a blog post.

Timeline

  1. 19.08.2025 19:41 📰 1 article

    Elastic rejects zero-day RCE claims in Defend EDR


Information Snippets

  • AshES Cybersecurity published a blog post on August 16, 2025, claiming a zero-day RCE flaw in Elastic Defend.

    First reported: 19.08.2025 19:41
    📰 1 source, 1 article
  • The alleged flaw involves a NULL pointer dereference in the 'elastic-endpoint-driver.sys' kernel driver.

  • Elastic's Security Engineering team conducted a thorough investigation and found no evidence supporting the claims.

  • AshES Cybersecurity did not share the full details or a proof-of-concept with Elastic, instead opting for public disclosure.

  • Elastic has a bug bounty program that has paid over $600,000 since 2017.
