CVE-2025-14963 - Trellix HX Agent Local Privilege Escalation (LSE) Vulnerability
CVE ID : CVE-2025-14963
Published : Feb. 24, 2026, 5:11 p.m. | 1 hour, 13 minutes ago
Description : A vulnerability identified in the Trellix HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver (BYOVD) was leveraged to gain access to the critical Windows process memory lsass.exe (Local Security Authority Subsystem Service). The fekern.sys; a driver file associated with Trellix HX Agent (used in all existing HX Agent versions). The vulnerable driver installed in a product or a system running fully functional HX Agent is, itself, not exploitable as the product’s tamper protection restricts the ability to communicate with the driver to only the agent’s processes.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : Feb. 24, 2026, 5:11 p.m. | 1 hour, 13 minutes ago
Description : A vulnerability identified in the Trellix HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver (BYOVD) was leveraged to gain access to the critical Windows process memory lsass.exe (Local Security Authority Subsystem Service). The fekern.sys; a driver file associated with Trellix HX Agent (used in all existing HX Agent versions). The vulnerable driver installed in a product or a system running fully functional HX Agent is, itself, not exploitable as the product’s tamper protection restricts the ability to communicate with the driver to only the agent’s processes.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...