CVE-2025-64984
BaseFortify
Publication date: 2025-11-20
Last updated on: 2025-11-20
Assigner: Kaspersky Labs
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kaspersky | endpoint_security_for_mac | 12.1.0.553 |
| kaspersky | endpoint_security_for_linux | * |
| kaspersky | endpoint_security_for_mac | 12.2.0.694 |
| kaspersky | industrial_cybersecurity_for_linux_nodes | * |
| kaspersky | endpoint_security_for_mac | 12.0.0.325 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a reflected Cross-Site Scripting (XSS) issue in certain versions of Kaspersky Endpoint Security for Linux and Mac, as well as Kaspersky Industrial CyberSecurity for Linux Nodes. An attacker could exploit this by using phishing techniques to execute malicious scripts in the context of a user's browser, potentially leading to unauthorized actions or data exposure.
How can this vulnerability impact me?
The vulnerability could allow an attacker to execute malicious scripts via phishing, which may lead to unauthorized access to sensitive information, session hijacking, or other malicious actions performed in the context of the affected user's session.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Kaspersky Endpoint Security for Linux and Mac, and Kaspersky Industrial CyberSecurity for Linux Nodes to versions with anti-virus databases dated 18.11.2025 or later.