Reflected XSS Vulnerability in Kaspersky Endpoint Security Products
CVE-2025-64984

5.1MEDIUM

Key Information:

Vendor: Kaspersky
Status: Kaspersky Endpoint Security; Kaspersky Industrial Cybersecurity For Linux Nodes
Vendor: CVE Published:; 20 November 2025

What is CVE-2025-64984?

Kaspersky has addressed a security flaw in its Endpoint Security and Industrial CyberSecurity products for Linux and Mac that potentially allows attackers to execute reflected XSS attacks. This vulnerability is exploited by leveraging phishing techniques, which could manipulate user interactions to compromise the security of affected systems. Users of affected versions are strongly advised to update their software to mitigate this risk and ensure robust protection against such threats.

Affected Version(s)

Kaspersky Endpoint Security MacOS 12.0.0.325

Kaspersky Endpoint Security MacOS 12.1.0.553

References

https://support.kaspersky.com/vulnerability/list-of-advis...

vendor-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 20, 2025
Vulnerability Reserved
Nov 12, 2025

JSON