CVE-2025-14963

MEDIUM EPSS 1.1%

Published Feb 24, 20264mo ago · Modified Feb 26, 20264mo ago

6.2 CVSS 4.0

Medium

Published Feb 24, 2026 4mo ago

Last Modified Feb 26, 2026 4mo ago

Description

A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver (BYOVD) was leveraged to gain access to the critical Windows process memory lsass.exe (Local Security Authority Subsystem Service). The fekern.sys is a driver file associated with the HX Agent (used in all existing HX Agent versions). The vulnerable driver installed in a product or a system running a fully functional HX Agent is, itself, not exploitable as the product’s tamper protection restricts the ability to communicate with the driver to only the Agent’s processes.

CVSS Details

Base Score

6.2

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Local

Attack Complexity High

Privileges Required High

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

1.1% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-20 Improper Input Validation Validation

Affected Products 3

Vendor	Product	Version	Range
trellix	endpoint_security	*	≥30.0.0 – ≤34.0.0
trellix	endpoint_security	35.31.0-37	any
trellix	endpoint_security	36.30.0-17	any

References 1

thrive.trellix.com https://thrive.trellix.com/s/article/000015100

Permissions Required

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.