Elastic recently released a security patch to fix a serious vulnerability in Elastic Defend, the endpoint protection component of the Elastic Security suite. The vulnerability, CVE-2025-37735, stems from improper preservation of permissions: the Defend service runs with SYSTEM privileges, and a local attacker could abuse it to delete arbitrary files on Windows machines. In some scenarios this leads to local privilege escalation and allows the attacker to take full control of the system.

CVE-2025-37735 was rated High with a CVSS score of 7.0, reflecting significant risk to system integrity. When a security process runs with the highest privileges but can be manipulated, the consequence is not only loss of data but also an opening for further attacks. For businesses that rely on Elastic Defend as their front-line defense, a successful exploit can compromise the very host the agent is meant to protect and, from there, the wider internal infrastructure.

Elastic confirmed that the 8.x and 9.x branches are affected and recommended immediate upgrades to the patched versions 8.19.6, 9.1.6 or 9.2.0. The update corrects the permission-handling defect so that the Defend service can no longer be used to manipulate system files illegitimately. Note that this is a local vulnerability: the attacker must already have code execution on the host, for example through phishing or exploitation of another vulnerability. Delaying the update therefore raises the risk that such an initial foothold is turned into full SYSTEM control.

For organizations that cannot update immediately, Elastic noted that running Elastic Defend on Windows 11 version 24H2 or later reduces exploitability, because that operating system release added tighter access-control mechanisms. This is only a temporary mitigation and does not replace applying the official patch.

Elastic also recommends that organizations proactively audit their estate: identify devices running Elastic Defend, confirm their versions, and monitor for unusual signs such as unexplained file deletions. Maintaining proper privilege separation, periodic backups and timely software updates remain key factors for minimizing risk in an increasingly complex threat environment.
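The following PowerShell script is an added example for triaging a single Windows host against the version ranges above; it is not Elastic's code and does not come from the article. It assumes (none of this is stated on the page) that the Elastic Defend service is registered as "ElasticEndpoint", that its binary is "C:\Program Files\Elastic\Endpoint\elastic-endpoint.exe", that the product version stamped on that binary matches the Elastic Defend release, and that Windows 11 24H2 corresponds to OS build 26100 or higher. Adjust the service name and path if your deployment differs.

```powershell
# Added example for local triage of CVE-2025-37735 (not Elastic's code, not from the article).
# Assumptions: service name "ElasticEndpoint", binary path below, and that the binary's
# ProductVersion tracks the Elastic Defend release. Build 26100 = Windows 11 24H2.

# Minimum fixed release per major branch, from the advisory. 9.2.0 is also fixed and
# satisfies the 9.x check because 9.2.0 >= 9.1.6. Anything outside 8.x/9.x is reported
# as UNKNOWN rather than assumed safe.
$FixedByMajor = @{ 8 = [version]'8.19.6'; 9 = [version]'9.1.6' }

function Get-DefendVersion {
    param([string]$ExePath = 'C:\Program Files\Elastic\Endpoint\elastic-endpoint.exe')
    if (-not (Test-Path -LiteralPath $ExePath)) { return $null }
    $raw = (Get-Item -LiteralPath $ExePath).VersionInfo.ProductVersion
    # Keep only the leading dotted-numeric part so [version] can parse it
    # (drops suffixes such as "-SNAPSHOT" if present).
    if ($raw -match '^\d+(\.\d+){1,3}') { return [version]($Matches[0]) }
    return $null
}

function Test-DefendPatched {
    param([Parameter(Mandatory)][version]$Version)
    $minFixed = $FixedByMajor[$Version.Major]
    if ($null -eq $minFixed) { return 'UNKNOWN' }   # not in the advisory's stated range
    if ($Version -ge $minFixed) { return 'PATCHED' }
    return 'VULNERABLE'
}

function Test-Win11_24H2OrLater {
    # Build 26100 is the Windows 11 24H2 release; later releases carry higher builds.
    $build = [int](Get-CimInstance -ClassName Win32_OperatingSystem).BuildNumber
    return $build -ge 26100
}

$svc = Get-Service -Name 'ElasticEndpoint' -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Output "No Elastic Defend service found on $env:COMPUTERNAME"
    return
}

$ver   = Get-DefendVersion
$state = if ($null -ne $ver) { Test-DefendPatched -Version $ver } else { 'UNKNOWN' }

[pscustomobject]@{
    Host              = $env:COMPUTERNAME
    ServiceStatus     = $svc.Status
    DefendVersion     = $ver
    PatchState        = $state
    Win11_24H2OrLater = Test-Win11_24H2OrLater
}
```

Run it with administrative rights on each host, or push it through your endpoint management tooling and collect the objects it emits; a host reporting VULNERABLE with Win11_24H2OrLater set to False has neither the patch nor the interim mitigation. For the "unexplained file deletions" the article mentions, Windows object-access auditing (Event ID 4660, "An object was deleted") attributed to the SYSTEM account on paths a low-privileged user should not be able to influence is a reasonable signal to review alongside this version check.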