CVE-2025-3599 MEDIUM

CVE-2025-3599: Symantec Endpoint Protection Elevation of Privilege

Weakness CWE-367
Published April 30, 2025
Last update April 30, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Symantec Endpoint Protection Windows Agent, running an ERASER Engine prior to 119.1.7.8, may be susceptible to an Elevation of Privilege vulnerability, which may allow an attacker to delete resources that are normally protected from an application or user.

Key dates

02Disclosure timeline

April 30, 2025 CVE published
April 30, 2025 Record updated