MEDIUM · 5.4

CVE-2025-8558

Vulnerability Description

Insider Threat Management (ITM) Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration when the number of registered agents exceeds the licensed limit. Successful exploitation prevents the server from receiving new events from affected agents, resulting in a partial loss of integrity and availability with no impact to confidentiality.

CVSS Score

5.4 MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: LOW
Availability: LOW

Affected Products

Vendor: Proofpoint
Product: Insider Threat Management Server
Versions: < 7.17.2

Related Weaknesses (CWE)

References

FAQ

What is CVE-2025-8558?

CVE-2025-8558 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Insider Threat Management (ITM) Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration ...

How severe is CVE-2025-8558?

CVE-2025-8558 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2025-8558?

Check the references section above for vendor advisories and patch information. Affected products include: Proofpoint Insider Threat Management Server.