CVE-2025-0664

Published: Jul 21, 2025

Modified: Jul 21, 2025

PUBLISHED

Description

A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially leading the agent to load an arbitrary local library. This may impair endpoint defenses and allow the attacker to achieve code execution with SYSTEM-level privileges.

Vendor	Product	Versions
Trellix	Trellix Endpoint Security (HX) Agent	affected `36.30.0 and 35.31.28`

Weaknesses (CWE)

CWE-94

References

https://thrive.trellix.com/s/article/000014450

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-0664

Description

Affected Products

Weaknesses (CWE)

References