Browse all 50 CVE security advisories affecting Trellix. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Trellix operates as a cybersecurity firm providing endpoint detection, response, and threat intelligence solutions primarily for enterprise environments. With fifty recorded Common Vulnerabilities and Exposures (CVEs), the platform has historically been susceptible to remote code execution, cross-site scripting, and privilege escalation flaws. These vulnerabilities often stem from complex integration layers within its endpoint agents and management consoles, allowing attackers to bypass security controls or gain unauthorized administrative access. Notable incidents include critical flaws in its ePO server components, which exposed sensitive configuration data and enabled lateral movement within compromised networks. The company has consistently issued patches to address these weaknesses, yet the high volume of CVEs highlights ongoing challenges in securing its extensive software ecosystem. This track record underscores the importance of rigorous patch management and continuous monitoring for organizations relying on Trellix’s comprehensive security infrastructure.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-14963 | Trellix Endpoint Security HX 安全漏洞 — Endpoint HX Agent (xAgent)CWE-20 | 7.0 | - | 2026-02-24 |
| CVE-2025-0664 | Trellix Endpoint Security 代码注入漏洞 — Trellix Endpoint Security (HX) AgentCWE-94 | 7.3 | - | 2025-07-21 |
| CVE-2025-5967 | Trellix Endpoint Security HX 跨站脚本漏洞 — Endpoint Security HXCWE-79 | 5.4AI | MediumAI | 2025-07-01 |
| CVE-2025-3773 | Trellix System Information Reporter 安全漏洞 — System Information ReporterCWE-530 | 5.5AI | MediumAI | 2025-06-26 |
| CVE-2025-3722 | Trellix System Information Reporter 路径遍历漏洞 — System Information ReporterCWE-22 | 6.5AI | MediumAI | 2025-06-26 |
| CVE-2025-3771 | Trellix System Information Reporter 安全漏洞 — System Information ReporterCWE-59 | 7.1AI | HighAI | 2025-06-26 |
| CVE-2025-0618 | FireEye EDR 代码注入漏洞 — FireEye EDR HXCWE-94 | 6.5 | Medium | 2025-04-23 |
| CVE-2025-0617 | Trellix HX 安全漏洞 — Trellix HX ConsoleCWE-776 | 5.9 | Medium | 2025-01-29 |
| CVE-2024-5955 | Trellix ePolicy Orchestrator 跨站脚本漏洞 — ePO Onprem Sp1 Update4CWE-79 | 5.4 | Medium | 2024-12-20 |
| CVE-2024-9679 | Trellix Data Loss Prevention 安全漏洞 — DLP Extension | 5.3 | Medium | 2024-12-16 |
| CVE-2024-9678 | Trellix Data Loss Prevention SQL注入漏洞 — DLP ExtensionCWE-89 | 4.9 | Medium | 2024-12-16 |
| CVE-2024-11482 | Trellix Enterprise Security Manager 安全漏洞 — Trellix Enterprise Security Manager (ESM)CWE-78 | 9.8 | Critical | 2024-11-29 |
| CVE-2024-11481 | Trellix Enterprise Security Manager 安全漏洞 — Trellix Enterprise Security Manager (ESM)CWE-22 | 8.2 | High | 2024-11-29 |
| CVE-2024-5957 | Trellix IPS Manager 安全漏洞 — Intrusion Prevention System (IPS) ManagerCWE-305 | 6.3 | Medium | 2024-09-05 |
| CVE-2024-5956 | Trellix IPS Manager 安全漏洞 — Intrusion Prevention System (IPS) ManagerCWE-305 | 6.5 | Medium | 2024-09-05 |
| CVE-2024-7608 | Trellix多款产品 安全漏洞 — Trellix NX, EX, AX, FX, CMS and IVXCWE-35 | 5.9 | Medium | 2024-08-27 |
| CVE-2024-5731 | Trellix IPS Manager 安全漏洞 — Intrusion Prevention System (IPS) ManagerCWE-311 | 6.8 | Medium | 2024-06-14 |
| CVE-2024-5671 | Trellix IPS Manager 代码问题漏洞 — Intrusion Prevention System (IPS) ManagerCWE-502 | 9.8 | Critical | 2024-06-14 |
| CVE-2024-4176 | Trellix XDR XConsole 跨站脚本漏洞 — Trellix EDR UI (XConsole)CWE-79 | 4.1 | Medium | 2024-06-13 |
| CVE-2024-4844 | Trellix ePolicy Orchestrator 信任管理问题漏洞 — ePolicy OrchestratorCWE-798 | 7.5 | High | 2024-05-16 |
| CVE-2024-4843 | Trellix ePolicy Orchestrator 安全漏洞 — ePolicy OrchestratorCWE-639 | 4.3 | Medium | 2024-05-16 |
| CVE-2023-6072 | Trellix Central Management 跨站脚本漏洞 — Trellix Central Management (CM)CWE-79 | 4.6 | Medium | 2024-02-13 |
| CVE-2024-0310 | Trellix Endpoint Security 跨站脚本漏洞 — Trellix Endpoint Security (ENS) Web ControlCWE-79 | 6.1 | Medium | 2024-01-10 |
| CVE-2024-0213 | Trellix Agent 安全漏洞 — Trellix Agent (TA)CWE-120 | 8.2 | High | 2024-01-09 |
| CVE-2024-0206 | Trellix Anti-Malware Engine 后置链接漏洞 — Anti-Malware EngineCWE-59 | 7.1 | High | 2024-01-09 |
| CVE-2023-6071 | Trellix Enterprise Security Manager 安全漏洞 — ESMCWE-77 | 8.4 | High | 2023-11-30 |
| CVE-2023-6070 | Trellix Enterprise Security Manager 代码问题漏洞 — Trellix Enterprise Security Manager (ESM)CWE-918 | 4.3 | Medium | 2023-11-29 |
| CVE-2023-5607 | Trellix Application and Change Control 路径遍历漏洞 — Trellix Application and Change Control (TACC)CWE-22 | 8.4 | High | 2023-11-27 |
| CVE-2023-5445 | Trellix ePolicy Orchestrator 安全漏洞 — ePolicy OrchestratorCWE-601 | 5.4 | Medium | 2023-11-17 |
| CVE-2023-5444 | CSRF in ePO leading to privilege escalation — ePolicy OrchestratorCWE-352 | 8.0 | High | 2023-11-17 |
This page lists every published CVE security advisory associated with Trellix. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.