CVE-2025-9059: CWE-427 Uncontrolled Search Path Element in Broadcom 8.6.IT Management Suite

High
Tags: vulnerability, CVE-2025-9059, CWE-427, CWE-269
Published: Thu Sep 11 2025 (09/11/2025, 05:18:13 UTC)
Source: CVE Database V5
Vendor/Project: Broadcom
Product: 8.6.IT Management Suite

Description

The Altiris Core Agent Updater package (AeXNSC.exe) is prone to an elevation of privileges vulnerability through DLL hijacking.

AI-Powered Analysis

Last updated: 09/11/2025, 05:23:09 UTC

Technical Analysis

CVE-2025-9059 is a high-severity vulnerability in Broadcom's IT Management Suite (recorded in the CVE entry under the product name "8.6.IT Management Suite"), affecting the 8.6.x, 8.7.x and 8.8 release lines. The weakness is an uncontrolled search path element (CWE-427) in the Altiris Core Agent Updater executable, AeXNSC.exe. When a Windows program loads a DLL by file name rather than by fully qualified path, the loader walks a fixed search order (the application directory, the system directories, the current directory, then each entry in PATH). If any directory consulted before the one holding the legitimate DLL is writable by a low-privileged user, or the requested DLL is not present on the system at all, that user can drop a same-named DLL there and the process loads it. Because the updater runs with elevated privileges, the attacker's code in that DLL executes with the updater's rights, which is a local elevation of privilege (CWE-269). The record does not identify which DLL name or which directory is involved.

The CVSS 4.0 base score of 8.8 reflects high impact on confidentiality, integrity and availability with a local attack vector (AV:L), low attack complexity (AC:L), low privileges required (PR:L) and no user interaction (UI:N). The "S:P" element quoted for this record is the CVSS 4.0 supplemental Safety metric set to Present, not a scope change: CVSS 4.0 has no Scope metric.

The affected component belongs to the endpoint-management and software-deployment tooling, so it is typically present, running with high privileges, on a large share of an enterprise's managed hosts. At publication time no exploitation in the wild had been reported and no patch link had been recorded, so mitigation has to be proactive. Successful exploitation gives arbitrary code execution with elevated privileges on the endpoint, which can lead to full compromise of that host, data theft, or disruption of IT management operations.

Potential Impact

For European organizations, especially those relying on Broadcom's IT Management Suite for endpoint and systems management, this vulnerability poses a serious risk. An attacker who already has low-privileged code execution on a managed endpoint (a phished user account, a compromised service, a malicious insider) could escalate to elevated privileges, bypass security controls and gain unauthorized access to sensitive data or critical infrastructure. Because the management agent is deployed fleet-wide, the same technique applies to every affected host, which could lead to widespread compromise within enterprise networks, disruption of IT operations, and data breaches involving personal and corporate information protected under GDPR. The absence of any user-interaction requirement makes the escalation quiet, so it could remain undetected for extended periods. Organizations in regulated sectors such as finance, healthcare and government additionally face compliance and reputational consequences if exploited. The lack of known exploits currently provides a window for mitigation, but the high severity and the ease of exploitation for a local attacker call for urgent attention.

Mitigation Recommendations

1. Until a fix is available, restrict interactive and remote logon on systems running the affected IT Management Suite versions to trusted personnel; the attacker needs local low-privileged code execution in order to plant a DLL.
2. Enforce code integrity with Windows Defender Application Control or AppLocker so that only DLLs signed by trusted publishers can be loaded. Note that AppLocker DLL rules are a separate rule collection that is off by default and must be enabled explicitly.
3. Review the ACLs of every directory on AeXNSC.exe's DLL search path (its own install directory and each entry in the system PATH) and remove write permission for non-administrators. Monitor image loads by AeXNSC.exe (for example Sysmon Event ID 7) for DLLs loaded from unexpected directories or without a valid signature.
4. Use endpoint detection and response (EDR) tooling to detect behaviours indicative of DLL hijacking or privilege escalation, such as a low-privileged user writing a DLL into a directory later read by an elevated process.
5. Where feasible, limit or isolate the Altiris Core Agent Updater component until an official patch is released.
6. Track Broadcom's advisory and support channels and apply the fix promptly once published.
7. Brief IT staff on this vulnerability and make sure incident response playbooks cover local privilege escalation via DLL hijacking.
8. Regularly review and harden system configurations to reduce the attack surface, including removing unnecessary local accounts and enforcing least privilege.
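The monitoring step above (watching what AeXNSC.exe loads) can be automated over Sysmon Event ID 7 "Image loaded" records, and it is also a practical way to catch the hijack described in the Technical Analysis. The following is an added example written for this page, not Broadcom's code and not part of the original advisory. The agent install directory and the list of acceptable publishers are assumptions to be adjusted per environment, and the sample events are constructed, not real telemetry.

```python
"""Flag suspicious DLL loads by AeXNSC.exe from Sysmon Event ID 7 records.

Added example for this page. Sysmon Event ID 7 (Image loaded) carries, among
other fields, Image (the loading process), ImageLoaded (the DLL), Signed,
Signature (the publisher) and SignatureStatus. A DLL hijack against an
elevated updater shows up as that updater loading a DLL from a directory it
should not be touching, usually one that is unsigned or signed by the wrong party.
"""

# ASSUMPTION: default install path of the Symantec/Altiris management agent;
# change this to the directory AeXNSC.exe actually runs from in your estate.
AGENT_DIR = r"C:\Program Files\Altiris\Altiris Agent"

# Directories from which an elevated Windows binary is expected to load DLLs.
# Anything else (user profiles, temp, PATH entries on a data drive) is a
# candidate hijack location.
TRUSTED_DIRS = (
    AGENT_DIR,
    r"C:\Windows\System32",
    r"C:\Windows\SysWOW64",
    r"C:\Windows\WinSxS",
)

# ASSUMPTION: publishers whose Authenticode signatures are acceptable here.
TRUSTED_PUBLISHERS = ("microsoft windows", "microsoft corporation",
                      "broadcom", "symantec corporation")

TARGET_IMAGE = "aexnsc.exe"


def _under(path: str, root: str) -> bool:
    """True if `path` lies inside directory `root` (Windows paths, case-insensitive).
    The trailing backslash stops C:\\Windows\\System32.evil matching System32."""
    root = root.rstrip("\\").lower() + "\\"
    return path.lower().startswith(root)


def classify_load(event: dict) -> list[str]:
    """Return the reasons an Event ID 7 record is suspicious.
    Returns [] when the load is benign or the process is not AeXNSC.exe."""
    image = event.get("Image", "")
    if image.rsplit("\\", 1)[-1].lower() != TARGET_IMAGE:
        return []

    reasons: list[str] = []
    loaded = event.get("ImageLoaded", "")
    if not any(_under(loaded, d) for d in TRUSTED_DIRS):
        reasons.append("dll loaded from outside trusted directories")

    signed = event.get("Signed", "false").lower() == "true"
    if not signed or event.get("SignatureStatus") != "Valid":
        reasons.append("dll has no valid Authenticode signature")
    else:
        publisher = event.get("Signature", "").lower()
        if not any(p in publisher for p in TRUSTED_PUBLISHERS):
            reasons.append(f"dll signed by unexpected publisher: {event.get('Signature')}")
    return reasons


def scan(events) -> list[tuple[str, list[str]]]:
    """Return (ImageLoaded, reasons) for every suspicious load in `events`."""
    hits = []
    for ev in events:
        reasons = classify_load(ev)
        if reasons:
            hits.append((ev["ImageLoaded"], reasons))
    return hits


# Constructed sample records, not real telemetry. The advisory names no
# specific DLL, so "example.dll" below is a placeholder.
SAMPLE_EVENTS = [
    {   # benign: system DLL from System32, signed by Microsoft
        "Image": AGENT_DIR + r"\AeXNSC.exe",
        "ImageLoaded": r"C:\Windows\System32\ntdll.dll",
        "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid",
    },
    {   # hijack: unsigned DLL planted in a world-writable directory on the search path
        "Image": AGENT_DIR + r"\AeXNSC.exe",
        "ImageLoaded": r"C:\Users\Public\example.dll",
        "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable",
    },
    {   # suspicious: right directory, but signed by an unknown party
        "Image": AGENT_DIR + r"\AeXNSC.exe",
        "ImageLoaded": AGENT_DIR + r"\example.dll",
        "Signed": "true", "Signature": "Contoso Ltd", "SignatureStatus": "Valid",
    },
    {   # ignored: a different process loading from a user directory
        "Image": r"C:\Windows\System32\svchost.exe",
        "ImageLoaded": r"C:\Users\Public\example.dll",
        "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable",
    },
]

if __name__ == "__main__":
    for dll, reasons in scan(SAMPLE_EVENTS):
        print(f"ALERT {dll}: {'; '.join(reasons)}")
```

Sysmon does not record image loads unless its configuration contains an ImageLoad rule; scoping that rule to Image ending in AeXNSC.exe keeps the event volume manageable. Detection of this kind is a compensating control only: WDAC or AppLocker DLL rules prevent the foreign DLL from loading at all, whereas this logic tells you after the fact that it did.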

Technical Details

Data Version
5.1
Assigner Short Name
symantec
Date Reserved
2025-08-15T09:58:26.174Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 68c25cac1c86892753756734

Added to database: 9/11/2025, 5:22:52 AM

Last enriched: 9/11/2025, 5:23:09 AM

Last updated: 9/11/2025, 5:23:35 AM
