Home

Description

The Altiris Core Agent Updater package (AeXNSC.exe) is prone to an elevation of privileges vulnerability through DLL hijacking.

PUBLISHED Reserved 2025-08-15 | Published 2025-09-11 | Updated 2025-09-11 | Assigner symantec




HIGH: 8.8CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:A/V:C/RE:M/U:Red

Problem types

CWE-427 Uncontrolled Search Path Element

CWE-269 Improper Privilege Management

Product status

Default status
unaffected

8.6.x
affected

8.7.x
affected

8.8
affected

Credits

Sandro Poppi finder

References

support.broadcom.com/...l/content/SecurityAdvisories/0/36132 vendor-advisory

cve.org (CVE-2025-9059)

nvd.nist.gov (CVE-2025-9059)

Download JSON