CVE-2025-8660 - Vulnerability Details - OpenCVE

Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed.

Attack Vector Network

Attack Complexity High

Privileges Required High

Attack Requirements Present

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Broadcom	Symantec Pgp Encryption

No data.

No data.

References

Link	Providers
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36021

History

Tue, 12 Aug 2025 12:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Broadcom Broadcom symantec Pgp Encryption
Vendors & Products		Broadcom Broadcom symantec Pgp Encryption

Mon, 11 Aug 2025 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-269
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 11 Aug 2025 07:30:00 +0000

Type	Values Removed	Values Added
Description		Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed.
Title		Privilege Escalation in Symantec PGP Encryption 11.0.1
References		https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36021
Metrics		cvssV4_0 `{'score': 5.6, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: symantec

Published: 2025-08-11T07:18:08.397Z

Updated: 2025-08-11T14:59:58.663Z

Reserved: 2025-08-06T05:59:49.503Z

Link: CVE-2025-8660

Vulnrichment

Updated: 2025-08-11T14:59:34.216Z

NVD

Status : Awaiting Analysis

Published: 2025-08-11T08:15:26.177

Modified: 2025-08-11T18:32:48.867

Link: CVE-2025-8660

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8660", "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "state": "PUBLISHED", "assignerShortName": "symantec", "dateReserved": "2025-08-06T05:59:49.503Z", "datePublished": "2025-08-11T07:18:08.397Z", "dateUpdated": "2025-08-11T14:59:58.663Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Symantec PGP Encryption", "vendor": "Broadcom", "versions": [{"status": "affected", "version": "11.0.1"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Pedro Cornago Lopez, Nordea Bank ABP (http://linkedin.com/in/pedro-cornago-a962143a)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed.<br>"}], "value": "Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 5.6, "baseSeverity": "MEDIUM", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec", "dateUpdated": "2025-08-11T07:18:08.397Z"}, "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36021"}], "source": {"discovery": "UNKNOWN"}, "title": "Privilege Escalation in Symantec PGP Encryption 11.0.1", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-269", "lang": "en", "description": "CWE-269 Improper Privilege Management"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-11T14:59:17.146905Z", "id": "CVE-2025-8660", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-11T14:59:58.663Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8660", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-11T14:59:17.146905Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-11T14:59:34.216Z"}}], "cna": {"title": "Privilege Escalation in Symantec PGP Encryption 11.0.1", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Pedro Cornago Lopez, Nordea Bank ABP (http://linkedin.com/in/pedro-cornago-a962143a)"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.6, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Broadcom", "product": "Symantec PGP Encryption", "versions": [{"status": "affected", "version": "11.0.1"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36021"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed.", "supportingMedia": [{"type": "text/html", "value": "Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed.<br>", "base64": false}]}], "providerMetadata": {"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec", "dateUpdated": "2025-08-11T07:18:08.397Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8660", "state": "PUBLISHED", "dateUpdated": "2025-08-11T14:59:58.663Z", "dateReserved": "2025-08-06T05:59:49.503Z", "assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "datePublished": "2025-08-11T07:18:08.397Z", "assignerShortName": "symantec"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed."}, {"lang": "es", "value": "La escalada de privilegios ocurre cuando un usuario obtiene acceso a m\u00e1s recursos o funcionalidades de las que normalmente tiene permitidos."}], "id": "CVE-2025-8660", "lastModified": "2025-08-11T18:32:48.867", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "secure@symantec.com", "type": "Secondary"}]}, "published": "2025-08-11T08:15:26.177", "references": [{"source": "secure@symantec.com", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36021"}], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}