
CVE-2025-13917: CWE-269 Improper Privilege Management in Broadcom Symantec Web Security Services Agent

Severity: High
Type: Vulnerability
Tags: CVE-2025-13917, cve, cve-2025-13917, cwe-269
Published: Wed Jan 28 2026 (01/28/2026, 16:29:59 UTC)
Source: CVE Database V5
Vendor/Project: Broadcom
Product: Symantec Web Security Services Agent

Description

WSS Agent, prior to 9.8.5, may be susceptible to an Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.

AI-Powered Analysis

Last updated: 01/28/2026, 16:50:45 UTC

Technical Analysis

CVE-2025-13917 identifies an elevation of privilege vulnerability in Broadcom's Symantec Web Security Services (WSS) Agent, specifically affecting versions prior to 9.8.5, such as 9.8.4. The vulnerability is classified under CWE-269, which pertains to improper privilege management. This means the software does not adequately enforce access controls, allowing an attacker with limited privileges on the host system to escalate their privileges to a higher level, potentially administrative or system-level.

The CVSS v3.1 base score is 7.0, indicating high severity, with vector metrics AV:L (Local), AC:H (High complexity), PR:L (Low privileges required), UI:N (No user interaction), and scope unchanged (S:U). The attack requires local access to the system, and the complexity is high, implying that exploitation is non-trivial and may require specific conditions or expertise. No user interaction is needed once local access is obtained, increasing the risk of automated or stealthy exploitation. The vulnerability impacts confidentiality, integrity, and availability, as elevated privileges can allow an attacker to access sensitive data, modify system configurations, or disrupt services.

Currently, there are no known exploits in the wild, and no official patches have been released at the time of publication (January 28, 2026). The vulnerability was reserved in December 2025 and published shortly after. The affected product, Symantec WSS Agent, is widely used in enterprise environments to enforce web security policies and protect endpoints from web-based threats. Improper privilege management in such a security agent can undermine the entire security posture of an organization, making this vulnerability critical to address.

Potential Impact

For European organizations, the impact of CVE-2025-13917 can be significant, especially for enterprises and public sector entities relying on Broadcom's Symantec WSS Agent for web security enforcement. Successful exploitation could allow attackers who have gained limited local access—such as through phishing, insider threats, or other initial footholds—to escalate privileges and gain control over security agent functions. This can lead to unauthorized access to sensitive data, manipulation or disabling of security controls, and potential lateral movement within networks. Critical infrastructure sectors, financial institutions, and government agencies are particularly at risk due to the sensitive nature of their data and operations. The vulnerability could also facilitate persistence mechanisms for advanced threat actors. Given the high complexity of exploitation, the immediate risk is moderated, but the absence of patches and the critical role of the affected software increase the urgency for mitigation. The impact on confidentiality, integrity, and availability is high, potentially leading to data breaches, service disruptions, and compliance violations under regulations such as GDPR.

Mitigation Recommendations

1. Upgrade to Symantec WSS Agent version 9.8.5 or later as soon as Broadcom releases the patch addressing CVE-2025-13917.
2. Until a patch is available, restrict local access to systems running the affected WSS Agent version by enforcing strict access controls and limiting administrative privileges.
3. Implement application whitelisting and endpoint detection and response (EDR) solutions to monitor for suspicious privilege escalation attempts.
4. Conduct regular audits of user privileges and system logs to detect anomalous activities indicative of exploitation attempts.
5. Harden host systems by disabling unnecessary services and applying the principle of least privilege to all accounts.
6. Educate users and administrators about the risks of local compromise and the importance of reporting unusual system behavior.
7. Coordinate with Broadcom support and subscribe to their security advisories to receive timely updates and patches.
8. Consider network segmentation to isolate critical systems running the WSS Agent to reduce the attack surface.
9. Prepare incident response plans that include scenarios involving privilege escalation on security agents.


Technical Details

Data Version: 5.2
Assigner Short Name: symantec
Date Reserved: 2025-12-02T18:57:17.760Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 697a3aee4623b1157cd881be

Added to database: 1/28/2026, 4:35:58 PM

Last enriched: 1/28/2026, 4:50:45 PM

Last updated: 2/7/2026, 6:32:13 PM
