A critical security vulnerability has been discovered in Broadcom’s Symantec Endpoint Management Suite that enables unauthenticated remote code execution, posing significant risks to enterprise IT infrastructure. The flaw, designated CVE-2025-5333 with a severe CVSS v4.0 score of 9.5, affects multiple versions of the widely deployed endpoint management solution and has prompted immediate mitigation recommendations from security experts. The vulnerability resides in the Symantec Altiris Inventory Rule Management (IRM) component, specifically in an exposed legacy .NET Remoting endpoint.
Source: https://cybersecuritynews.com/symantec-endpoint-management-suite-vulnerability/
TPRM report: https://scoringcyber.rankiteo.com/company/broadcom
{
  "id": "bro809071525",
  "linkid": "broadcom",
  "type": "Vulnerability",
  "date": "7/2025",
  "severity": "25",
  "impact": "1",
  "explanation": "Attack without any consequences"
}
{'affected_entities': [{'industry': 'Technology',
                        'name': 'Broadcom',
                        'type': 'Organization'}],
 'attack_vector': 'Unauthenticated Remote Code Execution (RCE)',
 'date_detected': 'May 2025',
 'description': 'A critical security vulnerability (CVE-2025-5333) has been '
                'discovered in Broadcom’s Symantec Endpoint Management Suite '
                'that enables unauthenticated remote code execution, posing '
                'significant risks to enterprise IT infrastructure.',
 'impact': {'systems_affected': ['Symantec Endpoint Management Suite '
                                 '8.6.x-8.8']},
 'initial_access_broker': {'entry_point': 'Port 4011'},
 'post_incident_analysis': {'corrective_actions': ['Block port 4011 on '
                                                   'firewalls',
                                                   'Configure the '
                                                   'IRM_HostedServiceUrl core '
                                                   'setting with an empty '
                                                   'value and restart the '
                                                   'Altiris Inventory Rule '
                                                   'Management Service',
                                                   'Limit .NET Remoting access '
                                                   'to localhost-only in '
                                                   'upcoming releases'],
                            'root_causes': 'Insecure deserialization of .NET '
                                           'objects through the '
                                           'BinaryServerFormatterSinkProvider '
                                           'with TypeFilterLevel set to Full'},
 'recommendations': ['Block port 4011 on firewalls',
                     'Configure the IRM_HostedServiceUrl core setting with an '
                     'empty value and restart the Altiris Inventory Rule '
                     'Management Service',
                     'Limit .NET Remoting access to localhost-only in upcoming '
                     'releases'],
 'references': [{'source': 'Broadcom PSIRT'},
                {'source': 'LRQA security researchers'}],
 'response': {'containment_measures': ['Block port 4011 on firewalls',
                                       'Configure the IRM_HostedServiceUrl '
                                       'core setting with an empty value and '
                                       'restart the Altiris Inventory Rule '
                                       'Management Service'],
              'remediation_measures': ['Limit .NET Remoting access to '
                                       'localhost-only in upcoming releases']},
 'title': 'Critical Security Vulnerability in Broadcom’s Symantec Endpoint '
          'Management Suite',
 'type': 'Vulnerability',
 'vulnerability_exploited': 'CVE-2025-5333'}