CVE-2025-8304 MEDIUM

CVE-2025-8304: Information Disclosure in Identity Agent Registry Keys

Vendor Checkpoint

Product Identity Agent

Weakness CWE-200 · Info exposure

Published December 22, 2025

Last update December 22, 2025

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being accessible in the Windows Registry keys for Check Point Identity Agent running on a Terminal Server.

Key dates

02Disclosure timeline

December 22, 2025 CVE published

December 22, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-8304 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

Identifiers

CVE CVE-2025-8304

CWE CWE-200

CVSS 6.5 / MEDIUM

Affected versions