Trellix OpenSSL Library Loading Vulnerability Leading to Privileged Code Execution

Vulnerability

A vulnerability exists allowing locally authenticated, privileged users to create a malicious OpenSSL configuration file. This file can cause the agent to load an arbitrary local library, potentially disrupting endpoint defenses and enabling the attacker to execute code with SYSTEM-level privileges.

Impact

Exploitation of this vulnerability could result in unauthorized code execution with SYSTEM-level privileges, bypassing endpoint defenses.

Added: Jul 21, 2025, 7:31 AM

Updated: Jul 21, 2025, 7:31 AM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

7.5

exploitability

3.3

remediation

0.0

relevance

0.3

threat

0.0

urgency

1.4

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

7.5

exploitability

3.3

remediation

0.0

relevance

0.3

threat

0.0

urgency

1.4

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Trellix OpenSSL Library Loading Vulnerability Leading to Privileged Code Execution

Vulnerability

Impact

Affected Products

Trellix Agent

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating