ADV-2025-028 - Dependency on Vulnerable Third-Party Components in Netwrix Data Classification

netwrix-product-security · December 16, 2025, 1:00pm

Executive Summary

Multiple third-party libraries and runtime components with publicly known vulnerabilities have been identified and updated in Netwrix Data Classification. These components include zlib, 7-Zip, Leptonica, SkiaSharp, and Java runtime environments. While exploitation of several of these vulnerabilities is potentially possible through the product, updates to the affected libraries addressing the known vulnerabilities have been applied.

Users of Netwrix Data Classification are advised to update to the latest version immediately. Netwrix is unaware of any evidence of active exploitation of these vulnerabilities.

Vulnerability

Title	Affected Component	Affected Versions	CVSS 4.0 Score	CVSS 3.1 Score (Base / Temporal)	Description
Dependency on Vulnerable Third-Party Components	Netwrix Data Classification	<=5.7.10.0	7.7	8.8 / 7.9	Libraries with known vulnerabilities which may impact our product have been updated, these include zlib, 7-Zip, Leptonica, SkiaSharp.

Exploitability

Factors such as whether details about the vulnerability are publicly known, whether an exploit is readily available, or whether adversaries are actively exploiting the vulnerability are valuable in making risk-based judgments about urgency and priority; customers should use the information below in making those decisions.

Title	Publicly known?	Exploit available?	Actively exploited?
Dependency on Vulnerable Third-Party Components	Yes	No	No

Solution

All Netwrix Data Classification customers are advised to update Netwrix Data Classification to version 5.7.10.1 or later as soon as possible.

Please contact the Netwrix technical support team should you need assistance.

Official Fixes

Updated software has been released containing official fixes for the vulnerabilities as indicated in the table below.

Product	Release Version
Netwrix Data Classification	5.7.10.1

FAQ

How do I determine which version of Netwrix Data Classification is in use?

The Netwrix Data Classification version number can be found in the application’s About section or by checking the installed software version in your system.
Are there any configuration changes required after updating?

No additional configuration changes are required. The fixes are automatically applied upon updating to the remediated version.

Revisions

Updates to this advisory may be made as necessary. Information about each change will be published in the table below.

Revision	Date	Description
1	2025-12-16T13:00:00Z	First published

Disclaimer

The information and materials included in or linked to this Security Advisory are provided on an “as-is” basis and without warranty of any kind, and we disclaim all representations and warranties of any kind, whether express or implied, including warranties of merchantability and fitness for a particular use. You acknowledge and agree that your use of the information and materials included in or linked to this Security Advisory are at your own risk.

Topic		Replies	Views
ADV-2025-001 - Vulnerabilities in Netwrix Endpoint Protector (formerly CoSoSys Endpoint Protector) Security Advisories security-advisory	0	166	January 21, 2024
ADV-2025-019 - Critical Vulnerability in Netwrix Privilege Secure for Discovery v2.22.6 Security Advisories security-advisory , privilege-secure-d-security-advisory	1	326	September 24, 2025
ADV-2022-003 - Vulnerabilities in Netwrix Auditor Security Advisories security-advisory	0	152	June 6, 2022
ADV-2025-025 - Denial of service vulnerability in Netwrix Threat Prevention (formerly StealthINTERCEPT) Server Security Advisories security-advisory , threat-prevention-security-advisory	0	213	October 20, 2025
ADV-2025-023 - Exposure of Sensitive Information to an Unauthorized Actor in Netwrix Privilege Secure Security Advisories security-advisory , privilege-secure-security-advisory	2	551	October 13, 2025