Reflected XSS Vulnerability in Kaspersky Endpoint Security Products
CVE-2025-64984

5.1MEDIUM

Key Information:

Vendor: Kaspersky
Status: Kaspersky Endpoint Security; Kaspersky Industrial Cybersecurity For Linux Nodes
Vendor: CVE Published:; 20 November 2025

What is CVE-2025-64984?

Kaspersky has addressed a security flaw in its Endpoint Security and Industrial CyberSecurity products for Linux and Mac that potentially allows attackers to execute reflected XSS attacks. This vulnerability is exploited by leveraging phishing techniques, which could manipulate user interactions to compromise the security of affected systems. Users of affected versions are strongly advised to update their software to mitigate this risk and ensure robust protection against such threats.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Kaspersky Endpoint Security MacOS 12.0.0.325

Kaspersky Endpoint Security MacOS 12.1.0.553

References

https://support.kaspersky.com/vulnerability/list-of-advis...

vendor-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Nov 20, 2025
Vulnerability Reserved
Nov 12, 2025

JSON

Kaspersky

What is CVE-2025-64984?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.