A Code Injection vulnerability existed in Trellix Network Security CM and NX. A locally authenticated admin user can execute arbitrary code using the web interface and Alert artifact details.

Project Subscriptions

Vendors Products
Trellix Subscribe
Network Security Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 29 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Trellix
Trellix network Security
Vendors & Products Trellix
Trellix network Security

Fri, 26 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via Web Interface on Trellix Network Security CM and NX

Fri, 26 Jun 2026 12:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 26 Jun 2026 11:00:00 +0000

Type Values Removed Values Added
Description A Code Injection vulnerability existed in Trellix Network Security CM and NX. A locally authenticated admin user can execute arbitrary code using the web interface and Alert artifact details.
Weaknesses CWE-94
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: trellix

Published:

Updated: 2026-06-26T12:02:14.528Z

Reserved: 2025-07-21T13:29:42.223Z

Link: CVE-2025-7958

cve-icon Vulnrichment

Updated: 2026-06-26T12:02:11.235Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T20:08:09Z

Weaknesses