Action1 Released Patches to Address Vulnerability
A high-severity vulnerability was discovered in the Action1 Windows agent and disclosed to Action1 on Apr 28, 2025. The vulnerability is tracked as ZDI-CAN-26767 and, when exploited, allows an attacker with local privileges to execute code with administrative privileges.
Impacted Versions
The vulnerability affects Action1 Windows agent versions 5.216.617.1 and earlier.
Why You Should Care?
Action1 is an endpoint management tool, and tools of this type run with administrative privileges because they need to push software and operating system updates and commands.
If a tool that runs with administrative privileges is compromised, the attacker gains those privileges and, with the ability to execute code, can take full control of the device.
Remediation
Update the Action1 agent to version 5.218.620.1.
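To triage a fleet against the version boundaries above, this added example (not Action1 code and not part of the original advisory) classifies agent versions from an inventory export. The CSV columns, hostnames and status labels are assumptions; versions are compared numerically because a plain string comparison would rank 5.99.x above 5.216.x.

```python
import csv
import io

# Version boundaries taken from the advisory above.
LAST_AFFECTED = (5, 216, 617, 1)
FIXED = (5, 218, 620, 1)

# Constructed sample inventory (hypothetical hostnames and column names).
SAMPLE_INVENTORY = """hostname,agent_version
ws-001,5.216.617.1
ws-002,5.218.620.1
ws-003,5.99.100.2
ws-004,5.217.0.0
ws-005,
ws-006,5.218.620
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a four-part version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Map an agent version string to a triage status."""
    version = parse_version(version_text or "")
    if version is None:
        return "unknown"        # missing or malformed: verify on the host
    if version <= LAST_AFFECTED:
        return "vulnerable"     # 5.216.617.1 and earlier
    if version >= FIXED:
        return "patched"
    return "below_fixed"        # between the two boundaries: still update

def triage(inventory_csv):
    """Return {hostname: status} for every row of the CSV text."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["hostname"]: classify(row["agent_version"]) for row in reader}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```

Hosts reported as `unknown` or `below_fixed` should be checked and updated rather than assumed safe, since the advisory only names the last affected version and the fixed version.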
References
https://www.action1.com/blog/acknowledging-zdi-can-26767-high-severity-vulnerability-in-action1-agent/