Description

Broadcom Automic Automation Agent Unix versions < 24.3.0 HF4 and < 21.0.13 HF1 allow low-privileged users who have execution rights on the agent executable to escalate their privileges.

PUBLISHED Reserved 2025-05-19 | Published 2025-05-19 | Updated 2025-05-20 | Assigner ca




HIGH: 8.5 | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Problem types

CWE-426 Untrusted Search Path

Product status

Default status: unaffected

< 24.3.0 HF4, and < 21.0.13 HF1 (custom): affected

24.3.0 HF4 or later, and 21.0.13 HF1 or later (custom): unaffected

Credits

Flora Schäfer, secuvera GmbH (finder)

References

support.broadcom.com/...l/content/SecurityAdvisories/0/25732

www.secuvera.de/advisories/secuvera-SA-2025-01.txt

cve.org (CVE-2025-4971)

nvd.nist.gov (CVE-2025-4971)
