Taegis Endpoint Agent Code Injection Vulnerability Allowing Local Privilege Escalation

Vulnerability

A code injection vulnerability has been identified in the Debian package component of Taegis Endpoint Agent for Linux, affecting versions prior to 1.3.10. This vulnerability allows local users to execute arbitrary code with root privileges. It is important to note that Red Hat-based systems using RPM packages are not affected.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of code as the root user, potentially allowing for full control over the affected system.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

3.3

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

3.3

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Taegis Endpoint Agent Code Injection Vulnerability Allowing Local Privilege Escalation

Vulnerability

Impact

Affected Products

Sophos Taegis Endpoint Agent

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating