CVE-2025-7958
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk9th percentile — higher than 9% of all known CVEs
Summary
A Code Injection vulnerability in Trellix Network Security CM and NX allows a locally authenticated admin user to execute arbitrary code using the web interface and Alert artifact details.
Risk Assessment
The risk involves potential takeover of the device by an authorized administrator, which could lead to privilege escalation and compromise of system integrity.
Recommendation
It is recommended to immediately update Trellix Network Security CM and NX software to the latest version and restrict administrative access to trusted accounts.
Original NVD description (English source)
A Code Injection vulnerability existed in Trellix Network Security CM and NX. A locally authenticated admin user can execute arbitrary code using the web interface and Alert artifact details.

