Bypass Record

Exploitation for Priv-Esc × Sophos Taegis Endpoint Agent (Linux)

A publicly-reported instance of Exploitation for Priv-Esc bypassing Sophos Taegis Endpoint Agent (Linux), recorded with its original source. Factual record; no assessment of any specific deployment.

Product: Sophos Taegis Endpoint Agent (Linux)
Technique: Exploitation for Priv-Esc
MITRE ATT&CK: T1068
Confidence: High
Severity: High
Status: patched
Disclosed: 2025-04-11
Config / version noted: Yes

Provenance

Reported as

The vulnerability defeats the agent's integrity by allowing an attacker with local access to escalate privileges.

Mechanism

Local privilege escalation in the Debian package component of Taegis Endpoint Agent (Linux) enabling arbitrary code execution. The vulnerability defeats the agent's integrity by allowing an attacker with local access to escalate privileges.

Detection & mitigation

Monitor for unexpected privilege escalation events on Linux endpoints, such as a process gaining root privileges without a corresponding sudo or su authentication log entry. Ensure the Taegis Endpoint Agent is updated to the patched version to mitigate this vulnerability.
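The correlation described above, sketched as an added example (not code from the cited source or from Sophos): it flags root-privileged processes started under a non-root login identity with no sudo or su entry shortly before. The log lines are constructed, the process-event feed format is hypothetical, and the 60-second window is an assumption.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data (not from the advisory). AUTH_LOG follows the usual
# sudo/su syslog shape; PROC_EVENTS is a hypothetical normalized exec feed.
AUTH_LOG = """\
2025-04-11T10:02:13 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
2025-04-11T10:20:41 host1 su: pam_unix(su:session): session opened for user root by bob(uid=1001)
"""
PROC_EVENTS = """\
2025-04-11T10:02:14 pid=4120 auid=alice euid=0 exe=/usr/bin/apt
2025-04-11T10:20:45 pid=4388 auid=bob euid=0 exe=/usr/bin/bash
2025-04-11T11:47:02 pid=5210 auid=carol euid=0 exe=/tmp/.cache/run
2025-04-11T11:50:30 pid=5300 auid=carol euid=1002 exe=/usr/bin/ls
"""

WINDOW = timedelta(seconds=60)  # assumed correlation window
SUDO_RE = re.compile(r"^(\S+) \S+ sudo:\s+(\S+) : .*\bUSER=root\b")
SU_RE = re.compile(r"^(\S+) \S+ su: .*session opened for user root(?:\(uid=0\))? by (\w+)")
PROC_RE = re.compile(r"^(\S+) pid=(\d+) auid=(\S+) euid=(\d+) exe=(\S+)")

def root_auth_times(auth_log):
    """Map user -> times that user authenticated to root via sudo or su."""
    seen = {}
    for line in auth_log.splitlines():
        m = SUDO_RE.match(line) or SU_RE.match(line)
        if m:
            seen.setdefault(m.group(2), []).append(datetime.fromisoformat(m.group(1)))
    return seen

def unexplained_root(proc_events, auth_log, window=WINDOW):
    """Return (pid, user, exe) for euid-0 processes with no sudo/su entry in the window before."""
    auths = root_auth_times(auth_log)
    hits = []
    for line in proc_events.splitlines():
        m = PROC_RE.match(line)
        # Only non-root login identities running with effective uid 0 are of interest.
        if not m or m.group(4) != "0" or m.group(3) == "root":
            continue
        ts = datetime.fromisoformat(m.group(1))
        # An auth entry explains the process only if it precedes it within the window.
        if not any(timedelta(0) <= ts - t <= window for t in auths.get(m.group(3), [])):
            hits.append((int(m.group(2)), m.group(3), m.group(5)))
    return hits

if __name__ == "__main__":
    for hit in unexplained_root(PROC_EVENTS, AUTH_LOG):
        print("ALERT unexplained root process:", hit)
```

Legitimate setuid programs and service-launched processes also run with effective uid 0, so a real deployment needs an allowlist of expected executables before alerting on these hits.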

This is a record of a publicly-reported event, not an assessment of any specific organization's deployment. Detection and mitigation notes are drawn from the cited source. Where the source is silent, fields are omitted.