Description
A Code Injection vulnerability existed in Trellix Network Security CM and NX. A locally authenticated admin user can execute arbitrary code using the web interface and Alert artifact details.
Published: 2026-06-26
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An administrator with local authentication can trigger arbitrary code execution through the web interface and the Alert artifact details page. The flaw is a classic code injection (CWE‑94), allowing the injection of system commands via unsanitized inputs. Successful exploitation could compromise the entire CM or NX system, leading to loss of confidentiality, integrity, and availability.

Affected Systems

The vulnerability affects Trellix Network Security CM and NX. No specific version numbers are supplied, so all deployments of these services are potentially exposed until vendor patches are applied.

Risk and Exploitability

The CVSS base score is 7.1, indicating high severity, though no EPSS data is available. The vulnerability is not listed in CISA's KEV catalog. The attack vector is inferred administrator must access the web interface to trigger the injection, implying that systems exposed to admin credentials are at risk.

Generated by OpenCVE AI on June 26, 2026 at 12:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Trellix Network Security patch that mitigates the web interface code injection vulnerability.
  • Restrict access to the CM and NX web interface to verified admin users only and enforce multi‑factor authentication.
  • Disable or remove the Alert artifact details functionality until a fix is deployed.

Generated by OpenCVE AI on June 26, 2026 at 12:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via Web Interface on Trellix Network Security CM and NX

Fri, 26 Jun 2026 12:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 26 Jun 2026 11:00:00 +0000

Type Values Removed Values Added
Description A Code Injection vulnerability existed in Trellix Network Security CM and NX. A locally authenticated admin user can execute arbitrary code using the web interface and Alert artifact details.
Weaknesses CWE-94
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: trellix

Published:

Updated: 2026-06-26T12:02:14.528Z

Reserved: 2025-07-21T13:29:42.223Z

Link: CVE-2025-7958

cve-icon Vulnrichment

Updated: 2026-06-26T12:02:11.235Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T12:30:17Z

Weaknesses
  • CWE-94

    Improper Control of Generation of Code ('Code Injection')