CVE-2025-5967 MEDIUM

CVE-2025-5967

Vendor Trellix
Product Endpoint Security HX
Weakness CWE-79 · XSS
Published July 1, 2025
Last update July 1, 2025

CVSS base score

5.3/10
Attack vector Adjacent
Attack complexity High
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A stored cross-site scripting vulnerability in ENS HX 10.0.4 allows a malicious user to inject arbitrary HTML into the ENS HX Malware Scan Name field, resulting in the exposure of sensitive data.

Key dates

02Disclosure timeline

July 1, 2025 CVE published
July 1, 2025 Record updated