Platform
broadcom
Component
symantec-web-security-services-agent
Fixed in
9.8.5
CVE-2025-13917 describes a Privilege Escalation vulnerability discovered in Symantec Web Security Services Agent. This flaw allows an attacker to potentially compromise the application and gain elevated access to system resources. The vulnerability affects versions 9.8.4 and 9.8.5, and a patch is available in version 9.8.5.
Successful exploitation of CVE-2025-13917 could allow an attacker to bypass security controls and gain unauthorized access to sensitive data and system functionalities. An attacker could leverage this privilege escalation to execute arbitrary code with elevated privileges, potentially leading to complete system compromise. The blast radius extends to any data or services accessible by the Symantec Web Security Services Agent, making it a significant risk for organizations relying on this security agent.
CVE-2025-13917 was published on 2026-01-28. As of this date, there are no publicly known proof-of-concept exploits. The EPSS score is pending evaluation. Monitor security advisories and threat intelligence feeds for any updates regarding active exploitation campaigns.
Organizations utilizing Symantec Web Security Services Agent in their environments, particularly those running versions 9.8.4 and 9.8.5, are at risk. This includes businesses relying on the agent for web security filtering and content inspection, especially those with less frequent patching cycles.
• broadcom / server:
ps -ef | grep 'Symantec Web Security Services Agent'
• broadcom / server:
journalctl -u 'wssagent'
disclosure
Exploit Status
EPSS
0.01% (3rd percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-13917 is to upgrade to Symantec Web Security Services Agent version 9.8.5 or later. If an immediate upgrade is not feasible, consider implementing stricter access controls and monitoring for suspicious activity related to the agent. While a direct workaround is unavailable, regularly reviewing agent configurations and ensuring least privilege principles are enforced can reduce the potential impact. After upgrade, confirm successful patching by verifying the agent version.
Update Symantec Web Security Services Agent to version 9.8.5 or later. This update fixes the privilege escalation vulnerability. See the Broadcom security advisory for more details and specific instructions.
CVE-2025-13917 is a vulnerability in Symantec Web Security Services Agent allowing attackers to gain elevated privileges. It affects versions 9.8.4 and 9.8.5, potentially compromising system resources.
You are affected if you are running Symantec Web Security Services Agent versions 9.8.4 or 9.8.5. Upgrade to 9.8.5 to eliminate the vulnerability.
Upgrade to version 9.8.5 or later. If an immediate upgrade is not possible, implement stricter access controls and monitor for suspicious activity.
As of the publication date, there are no publicly known active exploitation campaigns for CVE-2025-13917. However, continuous monitoring is recommended.
Refer to the Broadcom Security Advisory for CVE-2025-13917 for detailed information and official guidance.