CVE Field Guide
About Us
CVE-2025-5333
PUBLISHED
Unauthenticated Remote Code Execution in IT Management Suite
Assigner:
symantec
Reserved:
29.05.2025
Published:
06.07.2025
Updated:
07.07.2025
Remote attackers can execute arbitrary code in the context of the vulnerable service process.
Metrics
CVSS 4.0
CVSS Vector:
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:I/V:C/RE:L/U:Red
CVSS Score:
9.5
CVSS score
9.5
Exploitability Metrics
Vulnerable System Impact Metrics
Subsequent System Impact Metrics
Attack Vector
Network
Confidentiality
High
Confidentiality
High
Attack Complexity
High
Integrity
High
Integrity
High
Attack Requirements
None
Availability
High
Availability
High
Privileges Required
None
User Interaction
None
CVSS 4.0
Product Status
Vendor
Broadcom
Product
Symantec IT Management Suite
Versions
Default:
affected
Version 8.6.x, 8.7.x 8.8 is affected
Credits
Eleftherios Panos (lefteris.panos@lrqa.com)
finder
References
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35903