Privilege Escalation Vulnerability in OpenSSL Configurations Impacting Trellix Software
CVE-2025-0664

6.7MEDIUM

Key Information:

Vendor: Trellix
Status: Trellix Endpoint Security (hx) Agent
Vendor: CVE Published:; 21 July 2025

What is CVE-2025-0664?

A vulnerability exists that allows a locally authenticated, privileged user to create a malicious OpenSSL configuration file. This misconfiguration can cause the software agent to load an arbitrary local library, compromising endpoint defenses. As a result, attackers could potentially execute code with SYSTEM-level privileges, exposing critical systems to unauthorized access and manipulation.

Affected Version(s)

Trellix Endpoint Security (HX) Agent 36.30.0 and 35.31.28

References

https://thrive.trellix.com/s/article/000014450

CVSS V4

Score:

6.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 21, 2025
Vulnerability Reserved
Jan 23, 2025