CVE-2025-64984
Description
Kaspersky has fixed a security issue in Kaspersky Endpoint Security for Linux (any version with anti-virus databases prior to 18.11.2025), Kaspersky Industrial CyberSecurity for Linux Nodes (any version with anti-virus databases prior to 18.11.2025), and Kaspersky Endpoint Security for Mac (12.0.0.325, 12.1.0.553, and 12.2.0.694 with anti-virus databases prior to 18.11.2025) that could have allowed a reflected XSS attack to be carried out by an attacker using phishing techniques.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Reflected XSS in Kaspersky Endpoint Security for Linux and Mac, and Industrial CyberSecurity for Linux, allows phishing-based attacks via malformed input.
Vulnerability Overview
CVE-2025-64984 is a reflected cross-site scripting (XSS) vulnerability in Kaspersky Endpoint Security for Linux, Kaspersky Industrial CyberSecurity for Linux Nodes, and Kaspersky Endpoint Security for Mac (versions 12.0.0.325, 12.1.0.553, and 12.2.0.694). It affects installations whose anti-virus databases are dated prior to November 18, 2025, and arises from improper sanitization of user-controlled input, allowing an attacker to inject arbitrary JavaScript code [1].
Exploitation Prerequisites
An attacker can exploit this vulnerability through phishing techniques, such as sending a crafted link that, when clicked by a victim, reflects malicious script in the product's user interface. No authentication is required; the attack is triggered when the victim follows the crafted link, so the attacker must convince the user to navigate to a specially crafted URL.
Impact
Successful exploitation enables the attacker to execute arbitrary JavaScript in the context of the affected product. This could lead to actions such as stealing session tokens, performing malicious operations within the product's interface, or redirecting the user to attacker-controlled content.
Mitigation
Kaspersky has addressed this issue by releasing updated anti-virus databases dated November 18, 2025, or later. Users are advised to ensure their products are updated to the latest database versions. The advisory is documented in Kaspersky's list of advisories [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- Range: anti-virus databases prior to 18.11.2025
- Range: anti-virus databases prior to 18.11.2025
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (1)
News mentions
No linked articles in our index yet.