CVE-2025-14963

Name of the Vulnerable Software and Affected Versions Trellix HX Agent (affected versions not specified)

Description A security issue exists in the Trellix HX Agent driver file fekern.sys that could allow a local user to gain elevated system privileges. Exploitation involved leveraging a Bring Your Own Vulnerable Driver (BYOVD) technique to access memory associated with the lsass.exe process (Local Security Authority Subsystem Service). The fekern.sys file is associated with all existing versions of Trellix HX Agent. While the driver itself is not directly exploitable due to tamper protection restricting communication to agent processes, a threat actor could potentially exploit the issue with appropriate access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.