CVE-2025-8304
📋 TL;DR
An authenticated local user on a Windows Terminal Server can access sensitive information in Windows Registry keys for Check Point Identity Agent, allowing them to claim another user's security policy rules. This affects systems running Check Point Identity Agent on Windows Terminal Servers with multiple authenticated users.
💻 Affected Systems
- Check Point Identity Agent
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker could claim another user's security policy rules, potentially bypassing security controls, accessing restricted resources, or escalating privileges within the affected system.
Likely Case
An authenticated user could access another user's security policy information, leading to policy manipulation or unauthorized access to resources governed by those policies.
If Mitigated
With proper access controls and registry permissions, the risk is limited to authorized users who already have local access to the Terminal Server.
🎯 Exploit Status
Exploitation requires authenticated access to the Windows Terminal Server and knowledge of registry key locations containing sensitive information.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to SK184263 for specific fixed versions
Vendor Advisory: https://support.checkpoint.com/results/sk/sk184263
Restart Required: Yes
Instructions:
1. Review the SK184263 advisory.
2. Download and install the latest version of Check Point Identity Agent from official sources.
3. Restart the system to apply changes.
🔧 Temporary Workarounds
Restrict Registry Access
Modify Windows Registry permissions to restrict access to sensitive Check Point Identity Agent registry keys.
regedit.exe (manual configuration required)
Isolate Terminal Server Users
Implement strict user isolation policies on Terminal Servers to prevent cross-user access.
🧯 If You Can't Patch
- Implement strict access controls on Windows Registry keys related to Check Point Identity Agent
- Monitor and audit access to Check Point Identity Agent registry keys and user policy changes
🔍 How to Verify
Check if Vulnerable:
Check if Check Point Identity Agent is installed on a Windows Terminal Server and review registry permissions for Check Point-related keys.
Check Version:
Check Identity Agent version through Control Panel > Programs and Features or agent interface
Verify Fix Applied:
Verify the installed version matches or exceeds the fixed version specified in SK184263 and test registry access controls.
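The registry permission review described above can be scripted. The following PowerShell is an added example, not a Check Point tool or code from the advisory; it lists allow entries that let principals covering every Terminal Server user read a key or its subkeys. The key path is a labelled placeholder because the page does not name the key, and the function name is hypothetical.

```powershell
# Added example: report allow-ACEs that let broad, multi-user principals read a registry key.
param(
    # PLACEHOLDER: the page does not name the key; take the real path from SK184263.
    [string]$KeyPath = 'HKLM:\SOFTWARE\PLACEHOLDER_IdentityAgentKey'
)
# Well-known SIDs that cover every interactive user on a Terminal Server.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-13'     = 'Terminal Server User'
    'S-1-5-14'     = 'Remote Interactive Logon'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-32-555' = 'BUILTIN\Remote Desktop Users'
}
# Access-mask bits that permit reading values: KEY_QUERY_VALUE, GENERIC_READ, GENERIC_ALL.
$ReadMask = 0x1 -bor 0x80000000 -bor 0x10000000
function Get-BroadRegistryReader {
    param([Parameter(Mandatory)][string]$Path)
    # Audit the key itself and every subkey; inheritance can be broken lower down.
    $keys = @(Get-Item -LiteralPath $Path) +
            @(Get-ChildItem -LiteralPath $Path -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        $acl = Get-Acl -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
        if (-not $acl) { continue }   # key could not be opened by the auditing account
        foreach ($ace in $acl.Access) {
            # Deny entries and inherit-only entries do not grant access on this key.
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
            try {
                $sid = $ace.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            } catch { continue }      # orphaned or unresolvable account
            if ($BroadSids.ContainsKey($sid) -and (([int]$ace.RegistryRights -band $ReadMask) -ne 0)) {
                [pscustomobject]@{
                    Key       = $key.Name
                    Principal = $BroadSids[$sid]
                    Rights    = $ace.RegistryRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}
if (Test-Path -LiteralPath $KeyPath) {
    Get-BroadRegistryReader -Path $KeyPath | Sort-Object Key, Principal | Format-Table -AutoSize
} else {
    Write-Warning "Key not found: $KeyPath (replace the placeholder with the path from the advisory)"
}
```

Run it from an elevated session so that restricted subkeys can be read. Many keys under HKLM\SOFTWARE are readable by BUILTIN\Users by default, so the output is a list of entries to review against SK184263, not proof that the system is vulnerable.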
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to Check Point registry keys
- Unexpected changes to user security policies
Network Indicators:
- Unusual authentication patterns on Terminal Server
SIEM Query:
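Windows Event ID 4656 or 4663 for registry access to Check Point Identity Agent keys. These events are logged only when registry object-access auditing is enabled and the keys carry an audit entry (SACL).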