Flexera One Blog — Gabriel Carvalho (Flexera Software)
Official release of FlexNet Inventory Agent 25.4.0
We are pleased to announce the release of the FlexNet Inventory Agent 25.4.0.
Release Date: EU/AP: 2026-04-15, NA: 2026-04-22
This release includes:
- Fix for libexec folder permission issues preventing upgrades to web metering versions
- Fix for FlexNet Inventory Agent crash when detecting web applications on Windows native paths
- Bundled software version updated
Customer Impact:
- Previously, upgrading FlexNet Inventory Agent to a version that included web metering did not correctly update permissions on the libexec folder, which could cause the web metering module not to function unless the earlier version was uninstalled first. This release resolves this issue.
- Previously, the ndtrack inventory process could crash shortly after logging “Started web application tracking” when detecting web applications from processes that used Windows native volume paths. This release resolves this issue.
- The Expat, libcurl, and zlib third party libraries bundled with the FlexNet Inventory Agent have been updated in this release to address security vulnerabilities.
Product Documentation: Agent Documentation
Please find more about the content of this release in the Release Notes.
Thanks @Gabriel Carvalho (Flexera Software)
Can you please share the CVEs addressed? I cannot see any CVEs associated to my agent versions in the GraphQL vulnerability_cve dataset - should we not see that?
Associated CVE details will help us (and other customers) understand how high the threat is - especially as the agents are installed with root/system privileges, and the release note says all previous versions are affected for 2/3 libraries.
Hi @Wevans,
Sorry for the delay.
Here's the CVEs for Curl.
NVD - CVE-2026-3805
NVD - CVE-2026-3784
NVD - CVE-2026-3783
NVD - CVE-2026-1965
CVEs for Expat.
NVD - CVE-2026-32776
NVD - CVE-2026-32777
NVD - CVE-2026-32778
zlib security audit
https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/