CVE-2025-0664
Awaiting Analysis
Awaiting Analysis - Queue
BaseFortify
Publication date: 2025-07-21
Last updated on: 2025-07-22
Assigner: Trellix
Description
Description
A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially leading the agent to load an arbitrary local library. This may impair endpoint defenses and allow the attacker to achieve code execution with SYSTEM-level privileges.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows a locally authenticated, privileged user to create a malicious OpenSSL configuration file that can cause the agent to load an arbitrary local library. This can lead to the attacker executing code with SYSTEM-level privileges.
How can this vulnerability impact me? :
The vulnerability can impair endpoint defenses and allow an attacker to execute code with SYSTEM-level privileges, potentially compromising the entire system's security and control.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70