Overview
A reflected Cross-Site Scripting (XSS) vulnerability, identified as CVE-2025-64984, has been discovered and patched in several Kaspersky security products. This vulnerability affects Kaspersky Endpoint Security for Linux, Kaspersky Industrial CyberSecurity for Linux Nodes, and Kaspersky Endpoint Security for Mac. An attacker could potentially exploit this flaw using phishing techniques to inject malicious scripts into a user’s browser session.
Technical Details
CVE-2025-64984 is a reflected XSS vulnerability. This means that an attacker could craft a malicious URL containing JavaScript code. If a user clicks on this manipulated URL (often distributed via phishing), the embedded script will be executed within the context of the user’s browser, potentially allowing the attacker to steal cookies, redirect the user to a malicious website, or perform other unauthorized actions. The vulnerability existed in how the Kaspersky products handled user input, allowing for the injection of arbitrary JavaScript code.
Affected products and versions:
- Kaspersky Endpoint Security for Linux (any version with anti-virus databases prior to 18.11.2025)
- Kaspersky Industrial CyberSecurity for Linux Nodes (any version with anti-virus databases prior to 18.11.2025)
- Kaspersky Endpoint Security for Mac (12.0.0.325, 12.1.0.553, and 12.2.0.694 with anti-virus databases prior to 18.11.2025)
CVSS Analysis
The Common Vulnerability Scoring System (CVSS) assigns CVE-2025-64984 a score of 6.1, classifying it as MEDIUM severity. This score reflects the potential impact and exploitability of the vulnerability.
Possible Impact
A successful XSS attack can have several consequences, including:
- Session Hijacking: Attackers could steal user session cookies, allowing them to impersonate legitimate users.
- Data Theft: Sensitive information displayed on the compromised page could be stolen.
- Malware Distribution: The injected script could redirect users to websites hosting malware.
- Defacement: The attacker could alter the appearance of the web page.
Because this vulnerability relies on phishing, the attacker needs to successfully trick a user into clicking a malicious link. However, the potential damage from a successful exploit is significant.
Mitigation and Patch Steps
Kaspersky has released updated anti-virus databases to address this vulnerability. To mitigate the risk, users of the affected products should take the following steps:
- Update Anti-Virus Databases: Ensure that your Kaspersky product has the latest anti-virus databases installed. For Kaspersky Endpoint Security for Linux and Kaspersky Industrial CyberSecurity for Linux Nodes, this means ensuring the database version is 18.11.2025 or later. For Kaspersky Endpoint Security for Mac (12.0.0.325, 12.1.0.553, and 12.2.0.694), ensure the database version is 18.11.2025 or later.
- Be Cautious of Phishing Attempts: Exercise caution when clicking on links in emails or other messages, especially from unknown or untrusted sources.
- Keep Software Up-to-Date: Regularly update your operating system and other software to patch potential vulnerabilities.
