Platform
broadcom
Component
symantec-web-security-services-agent
Fixed version
9.8.5
CVE-2025-13917 describes a Privilege Escalation vulnerability discovered in Symantec Web Security Services Agent. This flaw allows an attacker to potentially compromise the application and gain elevated access to system resources. The vulnerability affects versions 9.8.4 and 9.8.5, and a patch is available in version 9.8.5.
Successful exploitation of CVE-2025-13917 could allow an attacker to bypass security controls and gain unauthorized access to sensitive data and system functionalities. An attacker could leverage this privilege escalation to execute arbitrary code with elevated privileges, potentially leading to complete system compromise. The blast radius extends to any data or services accessible by the Symantec Web Security Services Agent, making it a significant risk for organizations relying on this security agent.
CVE-2025-13917 was published on 2026-01-28. As of this date, there are no publicly known proof-of-concept exploits. The EPSS score is pending evaluation. Monitor security advisories and threat intelligence feeds for any updates regarding active exploitation campaigns.
Organizations utilizing Symantec Web Security Services Agent in their environments, particularly those running versions 9.8.4 and 9.8.5, are at risk. This includes businesses relying on the agent for web security filtering and content inspection, especially those with less frequent patching cycles.
• broadcom / server:
ps -ef | grep 'Symantec Web Security Services Agent'
• broadcom / server:
journalctl -u 'wssagent'
disclosure
Exploitation status
EPSS
0.01% (3rd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-13917 is to upgrade to Symantec Web Security Services Agent version 9.8.5 or later. If an immediate upgrade is not feasible, consider implementing stricter access controls and monitoring for suspicious activity related to the agent. While a direct workaround is unavailable, regularly reviewing agent configurations and ensuring least privilege principles are enforced can reduce the potential impact. After upgrade, confirm successful patching by verifying the agent version.
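Update Symantec Web Security Services Agent to version 9.8.5 or later. This update fixes the privilege escalation vulnerability. See the Broadcom security advisory for more details and specific instructions.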
CVE-2025-13917 is a vulnerability in Symantec Web Security Services Agent allowing attackers to gain elevated privileges. It affects versions 9.8.4 and 9.8.5, potentially compromising system resources.
You are affected if you are running Symantec Web Security Services Agent versions 9.8.4 or 9.8.5. Upgrade to 9.8.5 to eliminate the vulnerability.
Upgrade to version 9.8.5 or later. If an immediate upgrade is not possible, implement stricter access controls and monitor for suspicious activity.
As of the publication date, there are no publicly known active exploitation campaigns for CVE-2025-13917. However, continuous monitoring is recommended.
Refer to the Broadcom Security Advisory for CVE-2025-13917 for detailed information and official guidance.