Denial of Service Vulnerability in HX Console by Trellix
CVE-2025-0617

5.9MEDIUM

Key Information:

Vendor
Trellix
Status
Trellix Hx Console
Vendor
CVE Published:
29 January 2025

Summary

An attacker with access to Trellix HX console versions 10.0.0 and earlier can exploit the system by sending specially-crafted data. This malicious data triggers a file parsing issue, leading to exponential entity expansions that overwhelm the consumer process and result in a Denial of Service. It is crucial to mitigate this vulnerability to protect against potential disruptions in service.

Affected Version(s)

Trellix HX Console 5.1.1

References

https://thrive.trellix.com/s/article/000014214

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-0617 : Denial of Service Vulnerability in HX Console by Trellix | SecurityVulnerability.io