Symantec Endpoint Management Suite Vulnerability Allows Malicious Code Execution Remotely


A critical security vulnerability has been discovered in Broadcom’s Symantec Endpoint Management Suite that enables unauthenticated remote code execution, posing significant risks to enterprise IT infrastructure. 

The flaw, designated CVE-2025-5333 with a severe CVSS v4.0 score of 9.5, affects multiple versions of the widely deployed endpoint management solution and has prompted immediate mitigation recommendations from security experts.

Key Takeaways
1. CVE-2025-5333 (CVSS 9.5) affects Symantec Endpoint Management Suite 8.6.x-8.8, enabling unauthenticated remote code execution via port 4011.
2. Insecure .NET object deserialization in the Altiris IRM component allows attackers to execute arbitrary code through crafted payloads.
3. Block port 4011 on firewalls: according to Broadcom documentation, this port is unnecessary for normal Symantec operations.
4. Discovered in May 2025 and confirmed by Broadcom PSIRT, with localhost-only restrictions planned for future releases.
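
To check whether a management server still exposes port 4011 beyond loopback, the sketch below is an added example (not from the article or from Broadcom) that parses Windows `netstat -ano` output and reports listeners on that port bound to a non-loopback address. The function name and the sample output are constructed for illustration.

```python
import ipaddress
import re

IRM_PORT = 4011  # port named in the takeaways above

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:4011           0.0.0.0:0              LISTENING       4320
  TCP    127.0.0.1:4011         0.0.0.0:0              LISTENING       4320
  TCP    10.0.0.5:52011         10.0.0.9:4011          ESTABLISHED     7000
  TCP    [::]:4011              [::]:0                 LISTENING       4320
  TCP    [::1]:4011             [::]:0                 LISTENING       4320
"""

# Local address, local port and PID of a TCP socket in the LISTENING state.
LISTEN_LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def exposed_listeners(netstat_text, port=IRM_PORT):
    """Return (bind_address, pid) for listeners on `port` not bound to loopback."""
    findings = []
    for line in netstat_text.splitlines():
        match = LISTEN_LINE.match(line)
        if not match or int(match.group(2)) != port:
            continue
        host = match.group(1).strip("[]")  # IPv6 addresses are bracketed
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            loopback = False  # unparsable bind address: report it, do not hide it
        if not loopback:
            findings.append((host, int(match.group(3))))
    return findings


if __name__ == "__main__":
    for address, pid in exposed_listeners(SAMPLE_NETSTAT):
        print(f"port {IRM_PORT} listening on {address} (PID {pid}): not loopback-only")
```

An empty result means every listener on the port is bound to loopback only; any entry identifies the owning process ID to review alongside the firewall rule.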

Symantec Altiris RCE Vulnerability

The vulnerability resides in the Symantec Altiris Inventory Rule Management (IRM) component, specifically targeting an exposed legacy .NET Remoting…
