A significant vulnerability in the FireEye Endpoint Detection and Response (EDR) agent could allow attackers to inject malicious code and render critical security protections ineffective. The vulnerability, tracked as CVE-2025-0618, was disclosed today and highlights the ongoing challenges in securing endpoint protection platforms against sophisticated threat actors. The newly identified vulnerability enables a malicious third party to cause a persistent denial-of-service condition in the FireEye EDR agent by sending a specially crafted tamper protection event to the HX service, which triggers an exception in the processing logic. Security experts are particularly concerned because this exception prevents further tamper protection events from being processed, even after a system reboot, leaving endpoints vulnerable to additional attacks. When functioning correctly, tamper protection ensures that key security settings remain enabled, including real-time protection and threat detection capabilities. Security experts warn that while the vulnerability directly causes a denial of service, it may indirectly lead to data loss through unprocessed events, leaving attackers’ activities undetected. Code to exploit this vulnerability requires detailed knowledge of the HX service architecture and tamper protection implementation specifics.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 23 Apr 2025 14:10:10 +0000