CA20250520-01: Security Notice for Automic Automation Agent Unix
25732
19 May 2025
19 May 2025
CLOSED
HIGH
8.5
none
CVE-2025-4971
Issued: May 20th, 2025
Broadcom is alerting customers to a vulnerability in Automic Automation Agent Unix that allows low-privileged users who have execution rights on the agent executable to escalate their privileges. Broadcom has published solutions to address this vulnerability and recommends that all affected customers implement these solutions.
Risk Rating
CVE-2025-4971 - CVSS v4.0 Score: 8.5 / High
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
Platform(s)
Unix
Affected Products
Automic Automation Agent Unix < 24.3.0 HF4
Automic Automation Agent Unix < 21.0.13 HF1
Non-Affected Products
Automic Automation Agent Unix 24.3.0 HF4 or later
Automic Automation Agent Unix 21.0.13 HF1 or later
How to determine if the installation is affected
Check the product version and hotfix level.
Solution
Broadcom published the following solutions to address the vulnerability:
https://downloads.automic.com/jart/prj3/dlc/main.jart?rel=en&reserve-mode=active&content-id=1441124704571&action=get&release_delivery_id=1743616828796
https://downloads.automic.com/jart/prj3/dlc/main.jart?rel=en&reserve-mode=active&content-id=1441124704571&action=get&release_delivery_id=1738446141713
How to determine if the fix is applied
Check the product version and hotfix level.
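The version and hotfix check described in both "How to determine" sections can be scripted across an agent inventory. The following is an added example, not Broadcom code: it assumes version strings of the form "X.Y.Z HFn" as written in this notice, reads "21.0.13 HF1 or later" as applying within the 21.0 release line only, and treats anything it cannot place as affected. Function names, hostnames and sample versions are constructed, and how the version string is read from an agent is not covered here.

```python
import re

# Fixed levels from this notice: ((major, minor, patch), hotfix).
FIXED_24 = ((24, 3, 0), 4)   # 24.3.0 HF4
FIXED_21 = ((21, 0, 13), 1)  # 21.0.13 HF1
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\s+HF(\d+))?\s*$", re.IGNORECASE)


def parse_level(text):
    """Parse 'X.Y.Z' or 'X.Y.Z HFn' into ((X, Y, Z), n); no hotfix means n = 0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    x, y, z, hf = m.groups()
    return (int(x), int(y), int(z)), int(hf or 0)


def is_affected(text):
    """Return True unless the level is at or above a fixed level from the notice."""
    level = parse_level(text)
    if level >= FIXED_24:
        return False
    # Assumption: the 21.0.13 HF1 fix only covers the 21.0 release line, so a
    # 21.0.x agent is compared with its own fix level, not with 24.3.0 HF4.
    if level[0][:2] == (21, 0) and level >= FIXED_21:
        return False
    return True  # everything else is treated as affected (fail closed)


def triage(inventory):
    """Map host -> 'AFFECTED', 'fixed' or 'UNKNOWN' for a dict of version strings."""
    result = {}
    for host, text in inventory.items():
        try:
            result[host] = "AFFECTED" if is_affected(text) else "fixed"
        except ValueError:
            result[host] = "UNKNOWN"  # unparseable: needs manual review
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "batch01": "24.3.0 HF3", "batch02": "24.3.0 HF4", "batch03": "21.0.13",
    "batch04": "21.0.13 HF1", "batch05": "24.2.1 HF9", "batch06": "unknown build",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {SAMPLE[host]} -> {status}")
```

A plain "less than 24.3.0 HF4" comparison would flag a patched 21.0.13 HF1 agent, which is why the two release lines are checked separately.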
References
CVE-2025-4971 - Automic Automation Agent Unix privilege escalation
Acknowledgement
CVE-2025-4971 - Flora Schäfer, secuvera GmbH
Change History
Version 1.0: 2025-05-20 - Initial Release
Broadcom customers may receive product alerts and advisories by subscribing to Product Notifications.
Customers who require additional information about this notice may contact Broadcom Support at https://support.broadcom.com/.
To report a suspected vulnerability in a Broadcom product, please contact the Broadcom Product Security Incident Response Team.
Copyright © 2025 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. Broadcom, the pulse logo, Connecting everything, CA Technologies and the CA Technologies logo are among the trademarks of Broadcom. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies.