Cyber Posture

CVE-2025-0893

High

Published: 19 February 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0008 (24.2th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Description

Symantec Diagnostic Tool (SymDiag), prior to 3.0.79, may be susceptible to a Privilege Escalation vulnerability.

Security Summary

CVE-2025-0893 is a Privilege Escalation vulnerability in the Symantec Diagnostic Tool (SymDiag), affecting versions prior to 3.0.79. Published on 2025-02-19, it has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-269 (Improper Privilege Management).

A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation has a high impact on confidentiality, integrity, and availability (C:H/I:H/A:H), enabling full system compromise within the unchanged scope (S:U).

Broadcom's security advisory provides mitigation guidance, available at https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25417. Upgrading to SymDiag 3.0.79 or later addresses the issue in affected versions.

Details

CWE(s): CWE-269
