CVE-2025-13918
Elevation of Privilege in Symantec Endpoint Protection Prior to
Publication date: 2026-01-28
Last updated on: 2026-01-28
Assigner: Symantec Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| symantec | endpoint_protection | to 14.3.10 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Elevation of Privilege issue in Symantec Endpoint Protection versions prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3. It allows an attacker to exploit the software to gain higher access privileges than normally permitted, potentially compromising protected resources.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to gain elevated access to protected resources, which may lead to unauthorized control over the system, data breaches, or disruption of services.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Symantec Endpoint Protection to version 14.3 RU10 Patch 1 or later, or apply RU9 Patch 2 or RU8 Patch 3 as applicable. These patches address the Elevation of Privilege vulnerability.