Stored Cross-Site Scripting Vulnerability in ENS HX by Trellix
CVE-2025-5967

5.3MEDIUM

Key Information:

Vendor: Trellix
Status: Endpoint Security Hx
Vendor: CVE Published:; 1 July 2025

What is CVE-2025-5967?

A vulnerability exists in ENS HX version 10.0.4 that allows an attacker to exploit a stored cross-site scripting flaw. By injecting arbitrary HTML into the Malware Scan Name field, unauthorized users can potentially expose sensitive data, creating a serious security risk. This vulnerability underscores the importance of input validation and proper sanitization measures to safeguard against such attacks.

Affected Version(s)

Endpoint Security HX 10.0.4

References

https://thrive.trellix.com/s/article/000014606

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 1, 2025
Vulnerability Reserved
Jun 10, 2025

Credit

Amer Dandis