CVE-2025-64984

Name of the Vulnerable Software and Affected Versions Kaspersky Endpoint Security for Linux (versions with anti-virus databases prior to 18.11.2025) Kaspersky Industrial CyberSecurity for Linux Nodes (versions with anti-virus databases prior to 18.11.2025) Kaspersky Endpoint Security for Mac versions 12.0.0.325, 12.1.0.553, and 12.2.0.694 (with anti-virus databases prior to 18.11.2025)

Description A security issue has been addressed in Kaspersky products that could allow an attacker to carry out a reflected Cross-Site Scripting (XSS) attack. The attack could be initiated through phishing techniques. A reflected XSS attack occurs when malicious scripts are injected into a trusted website's response, which are then executed by the user's browser.

Recommendations Update Kaspersky Endpoint Security for Linux to use anti-virus databases version 18.11.2025 or later. Update Kaspersky Industrial CyberSecurity for Linux Nodes to use anti-virus databases version 18.11.2025 or later. Update Kaspersky Endpoint Security for Mac to version 12.0.0.325, 12.1.0.553, or 12.2.0.694 with anti-virus databases version 18.11.2025 or later.