CVE-2025-64984
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-64984, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-11-20

Last updated on: 2025-11-20

Assigner: Kaspersky Labs

Description

Kaspersky has fixed a security issue in Kaspersky Endpoint Security for Linux (any version with anti-virus databases prior to 18.11.2025), Kaspersky Industrial CyberSecurity for Linux Nodes (any version with anti-virus databases prior to 18.11.2025), and Kaspersky Endpoint Security for Mac (12.0.0.325, 12.1.0.553, and 12.2.0.694 with anti-virus databases prior to 18.11.2025) that could have allowed a reflected XSS attack to be carried out by an attacker using phishing techniques.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-11-20
Last Modified
2025-11-20
Generated
2026-07-06
AI Q&A
2025-11-20
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 5 associated CPEs
Vendor Product Version / Range
kaspersky endpoint_security_for_mac 12.1.0.553
kaspersky endpoint_security_for_linux *
kaspersky endpoint_security_for_mac 12.2.0.694
kaspersky industrial_cybersecurity_for_linux_nodes *
kaspersky endpoint_security_for_mac 12.0.0.325

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a reflected Cross-Site Scripting (XSS) issue in certain versions of Kaspersky Endpoint Security for Linux and Mac, as well as Kaspersky Industrial CyberSecurity for Linux Nodes. An attacker could exploit this by using phishing techniques to execute malicious scripts in the context of a user's browser, potentially leading to unauthorized actions or data exposure.

Impact Analysis

The vulnerability could allow an attacker to execute malicious scripts via phishing, which may lead to unauthorized access to sensitive information, session hijacking, or other malicious actions performed in the context of the affected user's session.

Mitigation Strategies

To mitigate this vulnerability, update Kaspersky Endpoint Security for Linux and Mac, and Kaspersky Industrial CyberSecurity for Linux Nodes to versions with anti-virus databases dated 18.11.2025 or later.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-64984. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart