CVE-2025-8558

low

Description

Insider Threat Management (ITM) Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration when the number of registered agents exceeds the licensed limit. Successful exploitation prevents the server from receiving new events from affected agents, resulting in a partial loss of integrity and availability with no impact to confidentiality.

References

https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2025-003

Details

Source: Mitre, NVD

Published: 2025-11-03

Updated: 2025-11-07

Risk Information

CVSS v2

Base Score: 4.8

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Severity: Medium

CVSS v4

Base Score: 2.3

Vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Low

EPSS

EPSS: 0.00046

Detections

Analytics