Elastic denies RCE zero-day in Defend EDR
Summary
Elastic has rejected claims of a zero-day remote code execution (RCE) vulnerability in its Defend endpoint detection and response (EDR) product. AshES Cybersecurity alleged a flaw in the 'elastic-endpoint-driver.sys' kernel driver that could bypass EDR monitoring and enable RCE. Elastic conducted an investigation and found no evidence to support the claims. AshES Cybersecurity published a blog post and videos demonstrating the alleged flaw, but Elastic could not reproduce the vulnerability. The company criticized AshES for not following coordinated disclosure principles and not providing reproducible exploits.
Timeline
- 19.08.2025 19:41 (1 article)
Elastic denies zero-day RCE vulnerability in Defend EDR
Elastic rejected claims of a zero-day remote code execution (RCE) vulnerability in its Defend EDR product. AshES Cybersecurity alleged a flaw in the 'elastic-endpoint-driver.sys' kernel driver that could bypass EDR monitoring and enable RCE. Elastic conducted an investigation and found no evidence to support the claims. AshES did not follow coordinated disclosure principles and did not provide reproducible exploits or full details of the vulnerability.
Sources:
- Elastic rejects claims of a zero-day RCE flaw in Defend EDR — www.bleepingcomputer.com — 19.08.2025 19:41
Information Snippets
- AshES Cybersecurity claimed a NULL pointer dereference flaw in the 'elastic-endpoint-driver.sys' kernel driver.
  First reported: 19.08.2025 19:41 (1 source, 1 article)
  Source: Elastic rejects claims of a zero-day RCE flaw in Defend EDR — www.bleepingcomputer.com — 19.08.2025 19:41
- The alleged flaw could bypass EDR monitoring, enable remote code execution, and establish persistence.
  First reported: 19.08.2025 19:41 (1 source, 1 article)
  Source: Elastic rejects claims of a zero-day RCE flaw in Defend EDR — www.bleepingcomputer.com — 19.08.2025 19:41
- Elastic conducted a thorough investigation and found no evidence supporting the claims.
  First reported: 19.08.2025 19:41 (1 source, 1 article)
  Source: Elastic rejects claims of a zero-day RCE flaw in Defend EDR — www.bleepingcomputer.com — 19.08.2025 19:41
- AshES Cybersecurity did not share the full details of the vulnerability or provide a proof-of-concept (PoC) to Elastic.
  First reported: 19.08.2025 19:41 (1 source, 1 article)
  Source: Elastic rejects claims of a zero-day RCE flaw in Defend EDR — www.bleepingcomputer.com — 19.08.2025 19:41
- Elastic could not reproduce the alleged vulnerability and its effects.
  First reported: 19.08.2025 19:41 (1 source, 1 article)
  Source: Elastic rejects claims of a zero-day RCE flaw in Defend EDR — www.bleepingcomputer.com — 19.08.2025 19:41
- AshES Cybersecurity published a blog post and videos demonstrating the alleged flaw, but Elastic criticized the lack of coordinated disclosure.
  First reported: 19.08.2025 19:41 (1 source, 1 article)
  Source: Elastic rejects claims of a zero-day RCE flaw in Defend EDR — www.bleepingcomputer.com — 19.08.2025 19:41