Trellix
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Trellix product.
RSS Feeds for Trellix security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Trellix products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Trellix Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2026 there have been 1 vulnerability in Trellix. Trellix did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 5 | 6.28 |
| 2023 | 12 | 7.23 |
| 2022 | 2 | 6.95 |
It may take a day or so for new Trellix vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Trellix Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2025-14963 | Feb 24, 2026 |
HX Agent fekern.sys LPE via BYOVD to LSASSA vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver (BYOVD) was leveraged to gain access to the critical Windows process memory lsass.exe (Local Security Authority Subsystem Service). The fekern.sys is a driver file associated with the HX Agent (used in all existing HX Agent versions). The vulnerable driver installed in a product or a system running a fully functional HX Agent is, itself, not exploitable as the products tamper protection restricts the ability to communicate with the driver to only the Agents processes. |
Agent
|
| CVE-2024-5956 | Sep 05, 2024 |
IPS Manager Auth Bypass Partial Data Access (CVE20245956)This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager with garbage data in response mostly |
Intrusion Prevention System Manager
|
| CVE-2024-5957 | Sep 05, 2024 |
Unauth Auth Bypass in Wazuh Manager APIThis vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs access of the Manager. |
Intrusion Prevention System Manager
|
| CVE-2024-4176 | Jun 13, 2024 |
EDR XConsole XSS via CommandLine VariablesAn Cross site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML-Injection using command line variables. A malicious threat actor could execute commands on the victim's browser for sending carefully crafted malicious links to the EDR XConsole end user. |
Xconsole
|
| CVE-2023-6072 | Feb 13, 2024 |
XSS in Trellix CM <9.1.3.97129 DashboardA cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard. |
Central Management System
|
| CVE-2024-0213 | Jan 09, 2024 |
Trend Micro TA <5.8.1 - Buffer Overflow in Root-Running TA Service (Linux/Mac)A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause a Denial of Service (DoS), through exploiting a memory corruption issue in the TA service, which runs as root. This may also result in the disabling of event reporting to ePO, caused by failure to validate input from the file correctly. |
Agent
|
| CVE-2023-6071 | Nov 30, 2023 |
ESM 11.6.9 CMD Injection via data sourceroot execAn Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn't correctly sanitized when adding a new data source. |
Enterprise Security Manager
|
| CVE-2023-6070 | Nov 29, 2023 |
SSRF in ESM <11.6.8 via Certificate Upload APIA server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn't parse for invalid data |
Enterprise Security Manager
|
| CVE-2023-5607 | Nov 27, 2023 |
TACC ePO Extension Path Traversal via GTI file <8.4.0An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI reputation file. The attacker would need the appropriate privileges to access the relevant section of the User Interface. The import logic has been updated to restrict file types and content. |
Application And Change Control
|
| CVE-2023-6119 | Nov 16, 2023 |
Trellix GetSusp 5.0.0.27 LPE via Improper File Handle ManageAn Improper Privilege Management vulnerability in Trellix GetSusp prior to version 5.0.0.27 allows a local, low privilege attacker to gain access to files that usually require a higher privilege level. This is caused by GetSusp not correctly protecting a directory that it creates during execution, allowing an attacker to take over file handles used by GetSusp. As this runs with high privileges, the attacker gains elevated permissions. The file handles are opened as read-only. |
Getsusp
|
| CVE-2023-3665 | Oct 04, 2023 |
Trellix ENS 10.7.0 Local User Code Injection & DOS via ENV VarsA code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and or the execution of arbitrary code. |
Endpoint Security
|
| CVE-2023-4814 | Sep 14, 2023 |
Privilege Escalation in Trellix Windows DLP Endpoint (File Deletion)A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete any file/folder for which the user does not have permission to. |
Data Loss Prevention
|
| CVE-2023-3314 | Jul 03, 2023 |
Zip util: unsanitized zip file triggers external command executionA vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Incomplete neutralization of external commands used to control the process execution of the .zip application allows an authorized user to obtain control of the .zip application to execute arbitrary commands or obtain elevation of system privileges. |
Enterprise Security Manager
|
| CVE-2023-3438 | Jul 03, 2023 |
Unquoted Path PrivEsc in McAfee MOVE 4.10.x mvagtsce.exeAn unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). The misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege escalation and stop antimalware services. |
Move
|
| CVE-2023-3313 | Jul 03, 2023 |
Tenable ESM Certificate API Command InjectionAn OS common injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for the purpose of privilege escalation or to execute arbitrary commands. |
Enterprise Security Manager
|
| CVE-2023-1388 | Jun 07, 2023 |
Heap overflow in TA <5.7.9 allows remote heap tampering in macmnsvcA heap-based overflow vulnerability in TA prior to version 5.7.9 allows a remote user to alter the page heap in the macmnsvc process memory block, resulting in the service becoming unavailable. |
Agent
|
| CVE-2023-0978 | Mar 13, 2023 |
Command Injection in Trellix Intelligent Sandbox CLI v5.2 and earlierA command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI command. The vulnerability allows the attack |
Intelligent Sandbox
|
| CVE-2023-0214 | Jan 18, 2023 |
XSS in Skyhigh SWG <11.2.6, <10.2.17, <12.0.1 via crafted internal URLsA cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be injected into the response when accessed through SWG. |
Skyhigh Secure Web Gateway
|
| CVE-2022-3859 | Nov 30, 2022 |
Uncontrolled Search Path Vulnerability in Trellix Agent <5.7.8 (DLL)An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there. |
Agent
|
| CVE-2022-3340 | Nov 04, 2022 |
XXE in Trellix IPS Manager <10.1 M8 admin XML importXML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported. |
Intrusion Prevention System Manager
|