Trellix Agent
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Trellix Agent.
By the Year
In 2026 there have been 1 vulnerability in Trellix Agent. Agent did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 7.80 |
| 2023 | 1 | 8.10 |
| 2022 | 1 | 6.70 |
It may take a day or so for new Agent vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Trellix Agent Security Vulnerabilities
HX Agent fekern.sys LPE via BYOVD to LSASS
CVE-2025-14963
- February 24, 2026
A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver (BYOVD) was leveraged to gain access to the critical Windows process memory lsass.exe (Local Security Authority Subsystem Service). The fekern.sys is a driver file associated with the HX Agent (used in all existing HX Agent versions). The vulnerable driver installed in a product or a system running a fully functional HX Agent is, itself, not exploitable as the products tamper protection restricts the ability to communicate with the driver to only the Agents processes.
Improper Input Validation
Trend Micro TA <5.8.1 - Buffer Overflow in Root-Running TA Service (Linux/Mac)
CVE-2024-0213
7.8 - High
- January 09, 2024
A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause a Denial of Service (DoS), through exploiting a memory corruption issue in the TA service, which runs as root. This may also result in the disabling of event reporting to ePO, caused by failure to validate input from the file correctly.
Classic Buffer Overflow
Heap overflow in TA <5.7.9 allows remote heap tampering in macmnsvc
CVE-2023-1388
8.1 - High
- June 07, 2023
A heap-based overflow vulnerability in TA prior to version 5.7.9 allows a remote user to alter the page heap in the macmnsvc process memory block, resulting in the service becoming unavailable.
Memory Corruption
Uncontrolled Search Path Vulnerability in Trellix Agent <5.7.8 (DLL)
CVE-2022-3859
6.7 - Medium
- November 30, 2022
An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there.
DLL preloading
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Trellix Agent or by Trellix? Click the Watch button to subscribe.
