Remote Code Execution Vulnerability in SecureConnector Windows Agent from Forescout
CVE-2025-4660

8.7HIGH

Key Information:

Vendor: Forescout
Status: Secureconnector
Vendor: CVE Published:; 13 May 2025

Badges

📈 Score: 746👾 Exploit Exists📰 News Worthy

What is CVE-2025-4660?

CVE-2025-4660 is a critical remote code execution vulnerability found in the Windows agent component of the SecureConnector product developed by Forescout. SecureConnector is primarily used for secure network access and communication in enterprise environments. This vulnerability arises from improper access controls on a named pipe that is open to the Everyone group, allowing unrestricted network connections without authentication. An attacker could exploit this weakness to connect to the named pipe, redirect the SecureConnector agent to a malicious server, and execute arbitrary commands on the affected system. This potentially allows a malicious actor to gain unauthorized access and control over network resources, which can negatively impact an organization's security posture.

Potential impact of CVE-2025-4660

Unauthorized Remote Control: Exploiting this vulnerability could enable attackers to take remote control of the SecureConnector Windows agent, allowing them to execute arbitrary commands without any authentication, which could lead to full system compromise.
Data Breach: Attackers gaining access to the SecureConnector could siphon sensitive data from the affected systems, resulting in severe information leaks and compliance issues, particularly for organizations handling confidential or regulated data.
Widespread Network Intrusion: Given the nature of the vulnerability, an attack could potentially cascade through an organization’s network by leveraging the compromised SecureConnector agent to move laterally and access other connected systems, increasing the risk of extensive network exploitation.