Skip to main content

Trellix Network Security Nx Ex Fx Ax And Cms

1 CVEs product

Monthly

CVE-2025-7958 HIGH This Week

Authenticated code injection (CWE-94) in Trellix Network Security appliances (NX, EX, FX, AX, and CMS/Central Management) lets a logged-in administrator run arbitrary commands by abusing how the web UI renders Alert artifact details. The flaw requires existing high-privilege admin access on an adjacent network rather than remote anonymous access, so it functions primarily as a privilege/trust-boundary escape rather than a mass-exploitable internet-facing bug. The CVSS 4.0 maturity flag (E:P) indicates proof-of-concept exploit material exists, but the issue is not listed in CISA KEV and shows no confirmed active exploitation.

Code Injection RCE Trellix Network Security Nx Ex Fx Ax And Cms
NVD
CVSS 4.0
7.1
EPSS
0.2%
EPSS 0% CVSS 7.1
HIGH This Week

Authenticated code injection (CWE-94) in Trellix Network Security appliances (NX, EX, FX, AX, and CMS/Central Management) lets a logged-in administrator run arbitrary commands by abusing how the web UI renders Alert artifact details. The flaw requires existing high-privilege admin access on an adjacent network rather than remote anonymous access, so it functions primarily as a privilege/trust-boundary escape rather than a mass-exploitable internet-facing bug. The CVSS 4.0 maturity flag (E:P) indicates proof-of-concept exploit material exists, but the issue is not listed in CISA KEV and shows no confirmed active exploitation.

Code Injection RCE Trellix Network Security Nx Ex Fx Ax And Cms
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy