CVE-2025-5967 is a stored cross-site scripting (XSS) vulnerability identified in Trellix Endpoint Security HX version 10.0.4. This vulnerability arises due to improper neutralization of input during web page generation (CWE-79), specifically within the Malware Scan Name field of the product. An attacker with high privileges and partial authentication can inject arbitrary HTML or script code into this field, which is then stored and rendered in the application interface. When other users or administrators view the affected interface, the malicious script executes in their browsers, potentially exposing sensitive data or enabling further attacks such as session hijacking or privilege escalation. The vulnerability requires high attack complexity and privileges, and user interaction is needed for exploitation. The CVSS 4.0 base score is 5.3 (medium severity), reflecting these factors. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability affects a security product used for endpoint protection, which is critical infrastructure for organizational cybersecurity. Stored XSS in such a context can undermine trust in security controls and lead to data leakage or manipulation of security events.

For European organizations, this vulnerability poses a significant risk due to the critical role of endpoint security solutions like Trellix ENS HX in protecting corporate networks and sensitive data. Successful exploitation could lead to exposure of sensitive information, including security event data or user credentials, potentially facilitating lateral movement or further compromise within the network. Given the GDPR and other stringent data protection regulations in Europe, any data leakage could result in regulatory penalties and reputational damage. Additionally, since the vulnerability requires high privileges and user interaction, insider threats or compromised privileged accounts could be leveraged to exploit this flaw. The impact extends beyond confidentiality to integrity and availability, as attackers might manipulate security alerts or configurations, undermining the overall security posture of affected organizations.

European organizations using Trellix Endpoint Security HX 10.0.4 should prioritize the following mitigations: 1) Immediately restrict access to the Malware Scan Name field to only the most trusted and necessary personnel to reduce the risk of malicious input. 2) Implement strict input validation and output encoding on the Malware Scan Name field to neutralize any injected scripts, even before vendor patches are available. 3) Monitor logs and user activities for unusual input patterns or unexpected HTML/script content in the application interface. 4) Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts within the application context. 5) Coordinate with Trellix for timely patch deployment once available and verify the patch effectiveness through testing. 6) Conduct user awareness training focused on recognizing suspicious behaviors related to endpoint security management interfaces. 7) Consider network segmentation and least privilege principles to minimize the impact scope if exploitation occurs.