Code Injection Vulnerability in Trellix Network Security Product
CVE-2025-7958

7.1 HIGH

Key Information:

Vendor: Trellix
CVE Published: 26 June 2026

What is CVE-2025-7958?

A code injection vulnerability was identified in Trellix's Network Security CM and NX products. This vulnerability allows a locally authenticated admin user to execute arbitrary code through the web interface by leveraging Alert artifact details. As a result, it raises significant security concerns about unauthorized access and control within the network's management framework. It is essential for organizations using these products to address this issue promptly to protect against potential exploits.

Affected Version(s)

Trellix Network Security NX, EX, FX, AX, and CMS 10.0.4

CVSS V4

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
