CVE-2025-64984
BaseFortify

Publication date: 2025-11-20

Last updated on: 2025-11-20

Assigner: Kaspersky Labs

Description
Kaspersky has fixed a security issue in Kaspersky Endpoint Security for Linux (any version with anti-virus databases prior to 18.11.2025), Kaspersky Industrial CyberSecurity for Linux Nodes (any version with anti-virus databases prior to 18.11.2025), and Kaspersky Endpoint Security for Mac (12.0.0.325, 12.1.0.553, and 12.2.0.694 with anti-virus databases prior to 18.11.2025) that could have allowed a reflected XSS attack to be carried out by an attacker using phishing techniques.
Meta Information
Published: 2025-11-20
Last Modified: 2025-11-20
Generated: 2026-06-16
AI Q&A: 2025-11-20
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 5 associated CPEs

Vendor     Product                                   Version / Range
kaspersky  endpoint_security_for_mac                 12.1.0.553
kaspersky  endpoint_security_for_linux               *
kaspersky  endpoint_security_for_mac                 12.2.0.694
kaspersky  industrial_cybersecurity_for_linux_nodes  *
kaspersky  endpoint_security_for_mac                 12.0.0.325
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Executive Summary

This vulnerability is a reflected Cross-Site Scripting (XSS) issue in certain versions of Kaspersky Endpoint Security for Linux and Mac, as well as Kaspersky Industrial CyberSecurity for Linux Nodes. An attacker could exploit this by using phishing techniques to execute malicious scripts in the context of a user's browser, potentially leading to unauthorized actions or data exposure.

Impact Analysis

The vulnerability could allow an attacker to execute malicious scripts via phishing, which may lead to unauthorized access to sensitive information, session hijacking, or other malicious actions performed in the context of the affected user's session.

Mitigation Strategies

To mitigate this vulnerability, update Kaspersky Endpoint Security for Linux and Mac, and Kaspersky Industrial CyberSecurity for Linux Nodes to versions with anti-virus databases dated 18.11.2025 or later.
