Elevated Privilege Vulnerability in Trellix HX Agent Driver
CVE-2025-14963
6.2 MEDIUM
What is CVE-2025-14963?
A vulnerability in the driver file fekern.sys of the Trellix HX Agent allows a local user with access to elevate their system privileges. The vulnerability can be exploited through a Bring Your Own Vulnerable Driver (BYOVD) technique to gain control over the critical lsass.exe process. However, the driver itself is not directly exploitable, because the tamper protection of the HX Agent restricts its interaction to the agent's processes only, safeguarding against potential misuse.
Affected Version(s)
Endpoint HX Agent (xAgent) 36.30.0-17, 35.31.0-37, 34.x, 33.x and 30.x
