Protection mechanism failure in Kaspersky Lab products - CVE-2025-64984
Published: November 18, 2025
Vulnerability identifier: #VU118593
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-64984
CWE-ID: CWE-693
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Kaspersky Lab
Affected software:
Endpoint Security for Linux
Industrial CyberSecurity for Linux Nodes
Endpoint Security for Mac
Endpoint Security for Linux
Industrial CyberSecurity for Linux Nodes
Endpoint Security for Mac
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures. A remote attacker can bypass implemented security restrictions and perform XSS attacks against users protected with Kaspersky Endpoint Security solutions.
How to mitigate CVE-2025-64984
It is recommended to update antivirus database to version 18.11.2025 or later to block known attack vectors.