CVE-2025-1146

Summary

CrowdStrike uses industry-standard TLS (transport layer security) to secure communications from the Falcon sensor to the CrowdStrike cloud. CrowdStrike has identified a validation logic error in the Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor where our TLS connection routine to the CrowdStrike cloud can incorrectly process server certificate validation. This could allow an attacker with the ability to control network traffic to potentially conduct a man-in-the-middle (MiTM) attack. CrowdStrike identified this issue internally and released a security fix in all Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor versions 7.06 and above.

CrowdStrike identified this issue through our longstanding, rigorous security review process, which has been continually strengthened with deeper source code analysis and ongoing program enhancements as part of our commitment to security resilience. CrowdStrike has no indication of any exploitation of this issue in the wild. CrowdStrike has leveraged its world class threat hunting and intelligence capabilities to actively monitor for signs of abuse or usage of this flaw and will continue to do so.

Windows and Mac sensors are not affected by this.

Affected Software

VendorProductVersion RangeStatus
CrowdStrikeFalcon sensor for Linux7.21.17405unaffected
CrowdStrikeFalcon sensor for Linux7.20 < 7.20.17308affected
CrowdStrikeFalcon sensor for Linux7.19 < 7.19.17221affected
CrowdStrikeFalcon sensor for Linux7.18 < 7.18.17131affected
CrowdStrikeFalcon sensor for Linux7.17 < 7.17.17014affected
CrowdStrikeFalcon sensor for Linux7.16 < 7.16.16909affected
CrowdStrikeFalcon sensor for Linux7.15 < 7.15.16806affected
CrowdStrikeFalcon sensor for Linux7.14 < 7.14.16705affected
CrowdStrikeFalcon sensor for Linux7.13 < 7.13.16606affected
CrowdStrikeFalcon sensor for Linux7.11 < 7.11.16410affected
CrowdStrikeFalcon sensor for Linux7.10 < 7.10.16321affected
CrowdStrikeFalcon sensor for Linux7.07 < 7.07.16209affected
CrowdStrikeFalcon sensor for Linux7.06 < 7.06.16113affected
CrowdStrikeFalcon Kubernetes Admission Controller7.21.1904unaffected
CrowdStrikeFalcon Kubernetes Admission Controller7.20 < 7.20.1808affected
CrowdStrikeFalcon Kubernetes Admission Controller7.18 < 7.18.1605affected
CrowdStrikeFalcon Kubernetes Admission Controller7.17 < 7.17.1503affected
CrowdStrikeFalcon Kubernetes Admission Controller7.16 < 7.16.1403affected
CrowdStrikeFalcon Kubernetes Admission Controller7.14 < 7.14.1203affected
CrowdStrikeFalcon Kubernetes Admission Controller7.13 < 7.13.1102affected
CrowdStrikeFalcon Kubernetes Admission Controller7.12 < 7.12.1002affected
CrowdStrikeFalcon Kubernetes Admission Controller7.11 < 7.11.904affected
CrowdStrikeFalcon Kubernetes Admission Controller7.10 < 7.10.806affected
CrowdStrikeFalcon Kubernetes Admission Controller7.06 < 7.06.603affected
CrowdStrikeFalcon Container Sensor7.21.6003unaffected
CrowdStrikeFalcon Container Sensor7.20 < 7.20.5908affected
CrowdStrikeFalcon Container Sensor7.19 < 7.19.5807affected
CrowdStrikeFalcon Container Sensor7.18 < 7.18.5705affected
CrowdStrikeFalcon Container Sensor7.17 < 7.17.5603affected
CrowdStrikeFalcon Container Sensor7.16 < 7.16.5503affected
CrowdStrikeFalcon Container Sensor7.15 < 7.15.5403affected
CrowdStrikeFalcon Container Sensor7.14 < 7.14.5306affected
CrowdStrikeFalcon Container Sensor7.13 < 7.13.5202affected
CrowdStrikeFalcon Container Sensor7.12 < 7.12.5102affected
CrowdStrikeFalcon Container Sensor7.11 < 7.11.5003affected
CrowdStrikeFalcon Container Sensor7.10 < 7.10.4907affected
CrowdStrikeFalcon Container Sensor7.06 < 7.06.4705affected

Weaknesses

  • CWE-296: CWE-296: Improper Following of a Certificate's Chain of Trust

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References