CVE-2025-14963
A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver (BYOVD) was leveraged to gain access to the critical Windows process memory lsass.exe (Local Security Authority Subsystem Service). The fekern.sys is a driver file associated with the HX Agent (used in all existing HX Agent versions). The vulnerable driver installed in a product or a system running a fully functional HX Agent is, itself, not exploitable as the product’s tamper protection restricts the ability to communicate with the driver to only the Agent’s processes.
| CWE | CWE-20 |
| Vendor | trellix |
| Product | endpoint hx agent (xagent) |
| Published | Feb 24, 2026 |
| Last Updated | Feb 26, 2026 |
Get instant alerts for trellix endpoint hx agent (xagent)
Be the first to know when new unknown vulnerabilities affecting trellix endpoint hx agent (xagent) are published — delivered to Slack, Telegram or Discord.