CVE-2025-14963
Received
Received - Intake
Privilege Escalation via Vulnerable Trellix HX Agent Driver (fekern.sys
Publication date: 2026-02-24
Last updated on: 2026-02-26
Assigner: Trellix
Description
Description
A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver (BYOVD) was leveraged to gain access to the critical Windows process memory lsass.exe (Local Security Authority Subsystem Service). The fekern.sys is a driver file associated with the HX Agent (used in all existing HX Agent versions). The vulnerable driver installed in a product or a system running a fully functional HX Agent is, itself, not exploitable as the product’s tamper protection restricts the ability to communicate with the driver to only the Agent’s processes.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trellix | endpoint_security | From 30.0.0 (inc) to 34.0.0 (inc) |
| trellix | endpoint_security | 35.31.0-37 |
| trellix | endpoint_security | 36.30.0-17 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
