Home

Description

A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver (BYOVD) was leveraged to gain access to the critical Windows process memory lsass.exe (Local Security Authority Subsystem Service). The fekern.sys is a driver file associated with the HX Agent (used in all existing HX Agent versions). The vulnerable driver installed in a product or a system running a fully functional HX Agent is, itself, not exploitable as the product’s tamper protection restricts the ability to communicate with the driver to only the Agent’s processes.

PUBLISHED Reserved 2025-12-19 | Published 2026-02-24 | Updated 2026-02-26 | Assigner trellix




MEDIUM: 6.2CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Problem types

CWE-20 Improper Input Validation

Product status

Default status
unaffected

36.30.0-17, 35.31.0-37, 34.x, 33.x and 30.x
affected

References

thrive.trellix.com/s/article/000015100

cve.org (CVE-2025-14963)

nvd.nist.gov (CVE-2025-14963)

Download JSON