Critical RCE Vulnerability Found in Symantec Endpoint Management Platform

Security researchers at LRQA have uncovered a critical remote code execution (RCE) vulnerability in Broadcom’s Symantec Endpoint Management Suite, formerly known as Altiris, that could allow unauthenticated attackers to execute arbitrary code on vulnerable systems.

The flaw, assigned CVE-2025-5333, affects multiple versions of the widely used enterprise endpoint management platform and has been rated with a critical CVSS score of 9.5.

Vulnerability Overview

The vulnerability stems from an exposed legacy .NET Remoting endpoint in the Symantec Altiris Inventory Rule Management (IRM) component, accessible at tcp://:4011/IRM/HostedService.

When this endpoint is reachable over the network, it enables attackers to exploit insecure deserialization of .NET objects, leading to complete system compromise without requiring authentication.