@securityonline.info
CrowdStrike has addressed a high-severity Transport Layer Security (TLS) vulnerability, identified as CVE-2025-1146, affecting its Falcon Sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor. The vulnerability stems from a validation logic error in the TLS connection routine, which could allow attackers with control over network traffic to conduct man-in-the-middle (MiTM) attacks, intercepting and manipulating traffic between the sensor and the CrowdStrike cloud. The company internally discovered this flaw and released a security fix.
All versions of the affected Falcon sensors prior to version 7.21 are vulnerable, excluding hotfix builds for supported versions. CrowdStrike has rated the severity as 8.1 (HIGH) and emphasizes that Windows and Mac sensors are not affected. Although there is no indication of active exploitation in the wild, users are strongly advised to update to version 7.21 or later. Hotfixes are available in the Falcon console and can be applied via sensor update policies or binary downloads. CrowdStrike confirms the patch does not impact sensor performance.