Privilege Escalation in Broadcom Automic Automation Agent for Unix
CVE-2025-4971

8.5HIGH

Key Information:

Vendor: Broadcom
Status: Automic Automation
Vendor: CVE Published:; 20 May 2025

What is CVE-2025-4971?

The Broadcom Automic Automation Agent for Unix prior to versions 24.3.0 HF4 and 21.0.13 HF1 is vulnerable to a privilege escalation flaw. This allows low privileged users with execution rights on the agent executable to gain higher-level permissions, potentially compromising the security of the environment. It is essential for users to update to the latest versions to mitigate this risk.

Affected Version(s)

Automic Automation UNIX < 24.3.0 HF4, and < 21.0.13 HF1 < 24.3.0 HF4, and < 21.0.13 HF1

Automic Automation UNIX 24.3.0 HF4 or later, and 21.0.13 HF1 or later

References

https://support.broadcom.com/web/ecx/support-content-noti...

https://www.secuvera.de/advisories/secuvera-SA-2025-01.txt

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2025