CVE-2025-8558

Insider Threat Management (ITM) Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration when the number of registered agents exceeds the licensed limit. Successful exploitation prevents the server from receiving new events from affected agents, resulting in a partial loss of integrity and availability with no impact to confidentiality.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2025-003	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:proofpoint:insider_threat_management_server:*:*:*:*:*:*:*:*

History

07 Nov 2025, 01:49

Type	Values Removed	Values Added
CPE		cpe:2.3:a:proofpoint:insider_threat_management_server::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.4
First Time		Proofpoint Proofpoint insider Threat Management Server
References	~~() https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2025-003 -~~	() https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2025-003 - Broken Link

03 Nov 2025, 19:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-11-03 19:16

Updated : 2025-11-07 01:49

NVD link : CVE-2025-8558

Mitre link : CVE-2025-8558

CVE.ORG link : CVE-2025-8558

JSON object : View

Products Affected

proofpoint

insider_threat_management_server

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2025-8558", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "security@proofpoint.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.3, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-11-03T19:16:16.227", "references": [{"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2025-003", "tags": ["Broken Link"], "source": "security@proofpoint.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@proofpoint.com", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "Insider Threat Management (ITM) Server\u00a0versions prior to 7.17.2\u00a0contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration when the number of registered agents exceeds the licensed limit. Successful exploitation prevents the server from receiving new events from affected agents, resulting in a partial loss of integrity and availability with no impact to confidentiality."}], "lastModified": "2025-11-07T01:49:02.677", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:proofpoint:insider_threat_management_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A054570-DA72-4CBB-B605-4904BC7DFE3E", "versionEndExcluding": "7.17.2"}], "operator": "OR"}]}], "sourceIdentifier": "security@proofpoint.com"}