Skip to main content

CVE-2025-5967: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Trellix Endpoint Security HX

Medium
VulnerabilityCVE-2025-5967cvecve-2025-5967cwe-79
Published: Tue Jul 01 2025 (07/01/2025, 02:56:34 UTC)
Source: CVE Database V5
Vendor/Project: Trellix
Product: Endpoint Security HX

Description

A stored cross-site scripting vulnerability in ENS HX 10.0.4 allows a malicious user to inject arbitrary HTML into the ENS HX Malware Scan Name field, resulting in the exposure of sensitive data.

AI-Powered Analysis

AILast updated: 07/01/2025, 03:39:27 UTC

Technical Analysis

CVE-2025-5967 is a stored cross-site scripting (XSS) vulnerability identified in Trellix Endpoint Security HX version 10.0.4. This vulnerability arises due to improper neutralization of input during web page generation (CWE-79), specifically within the Malware Scan Name field of the product. An attacker with high privileges and partial authentication can inject arbitrary HTML or script code into this field, which is then stored and rendered in the application interface. When other users or administrators view the affected interface, the malicious script executes in their browsers, potentially exposing sensitive data or enabling further attacks such as session hijacking or privilege escalation. The vulnerability requires high attack complexity and privileges, and user interaction is needed for exploitation. The CVSS 4.0 base score is 5.3 (medium severity), reflecting these factors. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability affects a security product used for endpoint protection, which is critical infrastructure for organizational cybersecurity. Stored XSS in such a context can undermine trust in security controls and lead to data leakage or manipulation of security events.

Potential Impact

For European organizations, this vulnerability poses a significant risk due to the critical role of endpoint security solutions like Trellix ENS HX in protecting corporate networks and sensitive data. Successful exploitation could lead to exposure of sensitive information, including security event data or user credentials, potentially facilitating lateral movement or further compromise within the network. Given the GDPR and other stringent data protection regulations in Europe, any data leakage could result in regulatory penalties and reputational damage. Additionally, since the vulnerability requires high privileges and user interaction, insider threats or compromised privileged accounts could be leveraged to exploit this flaw. The impact extends beyond confidentiality to integrity and availability, as attackers might manipulate security alerts or configurations, undermining the overall security posture of affected organizations.

Mitigation Recommendations

European organizations using Trellix Endpoint Security HX 10.0.4 should prioritize the following mitigations: 1) Immediately restrict access to the Malware Scan Name field to only the most trusted and necessary personnel to reduce the risk of malicious input. 2) Implement strict input validation and output encoding on the Malware Scan Name field to neutralize any injected scripts, even before vendor patches are available. 3) Monitor logs and user activities for unusual input patterns or unexpected HTML/script content in the application interface. 4) Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts within the application context. 5) Coordinate with Trellix for timely patch deployment once available and verify the patch effectiveness through testing. 6) Conduct user awareness training focused on recognizing suspicious behaviors related to endpoint security management interfaces. 7) Consider network segmentation and least privilege principles to minimize the impact scope if exploitation occurs.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
trellix
Date Reserved
2025-06-10T09:40:39.945Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 686354ef6f40f0eb728e0a94

Added to database: 7/1/2025, 3:24:31 AM

Last enriched: 7/1/2025, 3:39:27 AM

Last updated: 7/1/2025, 5:17:56 AM

Views: 3

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats