Trellix HX Console Denial-of-Service Vulnerability via Exponential Entity Expansion

Vulnerability

A denial-of-service vulnerability has been identified in Trellix HX versions through 10.0.0. An attacker with access to the HX console can send specially-crafted data that triggers malicious detection. This, in turn, causes the consumer process to parse files with exponential entity expansions, leading to a denial-of-service condition.

Impact

Exploitation of this vulnerability causes a denial-of-service condition, disrupting the normal operation of the affected system or application.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Trellix HX Console Denial-of-Service Vulnerability via Exponential Entity Expansion

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating