What is CVE-2025-4971?

CVE-2025-4971 is a vulnerability in Broadcom Automic Automation, classified under Untrusted Search Path. Published 2025-05-19.

Is CVE-2025-4971 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Broadcom Automic Automation

CVE-2025-4971

Broadcom Automic Automation Agent Unix versions < 24.3.0 HF4 and < 21.0.13 HF1 allow low privileged users who have execution rights on the agent executable to escalate their privileges.

EPSS: 0.008 (73.8th percentile) — read the EPSS interpretation.

Affected products

Broadcom Automic Automation — versions < 24.3.0 HF4, and < 21.0.13 HF1, 24.3.0 HF4 or later, and 21.0.13 HF1 or later

Weakness classification (CWE)

CWE-426 — Untrusted Search Path

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

support.broadcom.com/web/ecx/support-content-notification/-/external/content/Se…
www.secuvera.de/advisories/secuvera-SA-2025-01.txt

Frequently asked questions

What is CVE-2025-4971?: CVE-2025-4971 is a vulnerability in Broadcom Automic Automation, classified under Untrusted Search Path. Published 2025-05-19.
Is CVE-2025-4971 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.