CVE-2025-0618

{"id": "CVE-2025-0618", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "trellixpsirt@trellix.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-04-23T07:15:42.687", "references": [{"url": "https://thrive.trellix.com/s/article/000014456", "source": "trellixpsirt@trellix.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "trellixpsirt@trellix.com", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "A malicious third party could invoke a persistent denial of service vulnerability in FireEye EDR agent by sending a specially-crafted tamper protection event to the HX service to trigger an exception. This exception will prevent any further tamper protection events from being processed, even after a reboot of HX."}, {"lang": "es", "value": "Un tercero malintencionado podr\u00eda invocar una vulnerabilidad de denegaci\u00f3n de servicio persistente en FireEye EDR agent enviando un evento de protecci\u00f3n contra manipulaciones especialmente manipulado al servicio HX para activar una excepci\u00f3n. Esta excepci\u00f3n impedir\u00e1 que se procesen m\u00e1s eventos de protecci\u00f3n contra manipulaciones, incluso despu\u00e9s de reiniciar HX."}], "lastModified": "2025-04-23T14:08:13.383", "sourceIdentifier": "trellixpsirt@trellix.com"}