Kaspersky Endpoint Security XSS via AV DBs <18.11.2025
CVE-2025-64984 Published on November 20, 2025
Kaspersky has fixed a security issue in Kaspersky Endpoint Security for Linux (any version with anti-virus databases prior to 18.11.2025), Kaspersky Industrial CyberSecurity for Linux Nodes (any version with anti-virus databases prior to 18.11.2025), and Kaspersky Endpoint Security for Mac (12.0.0.325, 12.1.0.553, and 12.2.0.694 with anti-virus databases prior to 18.11.2025) that could have allowed a reflected XSS attack to be carried out by an attacker using phishing techniques.
Vulnerability Analysis
CVE-2025-64984 is exploitable with network access and requires user interaction. This vulnerability is considered to have a low attack complexity. A successful exploit is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Timeline
Advisory published by Kaspersky
Weakness Type
What is an XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2025-64984 has been classified as an XSS vulnerability or weakness.
Products Associated with CVE-2025-64984
Affected Versions
Kaspersky Endpoint Security:
- Version 12.0.0.325 is affected.
- Version 12.1.0.553 is affected.
- Version 12.2.0.694 is unknown.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.