Vulnerability Details CVE-2025-4660
A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. The pipe is accessible to the Everyone group and does not restrict remote connections, allowing any network-based attacker to connect without authentication. By interacting with this pipe, an attacker can redirect the agent to communicate with a rogue server that can issue commands via the SecureConnector Agent.
This does not impact Linux or OSX Secure Connector.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.7%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2025-4660
-
cpe:2.3:a:forescout:secureconnector:11.2
-
cpe:2.3:a:forescout:secureconnector:11.3.06.0063
-
cpe:2.3:o:microsoft:windows:-