CVE-2025-14963 – Trellix HX Agent Local Privilege Escalation (LSE) Vulnerability

CVE ID : CVE-2025-14963

Published : Feb. 24, 2026, 6:29 p.m. | 37 minutes ago

Description : A vulnerability identified in the Trellix HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver (BYOVD) was leveraged to gain access to the critical Windows process memory lsass.exe (Local Security Authority Subsystem Service). The fekern.sys; a driver file associated with Trellix HX Agent (used in all existing HX Agent versions).   The vulnerable driver installed in a product or a system running fully functional HX Agent is, itself, not exploitable as the product’s tamper protection restricts the ability to communicate with the driver to only the agent’s processes.

Severity: 6.2 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…