
CVE-2025-64984: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Kaspersky Kaspersky Endpoint Security

Severity: Medium
Tags: Vulnerability, CVE-2025-64984, CWE-79
Published: Thu Nov 20 2025 (11/20/2025, 06:53:39 UTC)
Source: CVE Database V5
Vendor/Project: Kaspersky
Product: Kaspersky Endpoint Security

Description

Kaspersky has fixed a security issue in Kaspersky Endpoint Security for Linux (any version with anti-virus databases prior to 18.11.2025), Kaspersky Industrial CyberSecurity for Linux Nodes (any version with anti-virus databases prior to 18.11.2025), and Kaspersky Endpoint Security for Mac (12.0.0.325, 12.1.0.553, and 12.2.0.694 with anti-virus databases prior to 18.11.2025) that could have allowed a reflected XSS attack to be carried out by an attacker using phishing techniques.

AI-Powered Analysis

Last updated: 11/20/2025, 07:31:24 UTC

Technical Analysis

CVE-2025-64984 is a reflected Cross-Site Scripting (XSS) vulnerability classified under CWE-79, discovered in Kaspersky Endpoint Security products for the Linux and Mac platforms. The flaw exists in versions with anti-virus databases prior to 18.11.2025, specifically affecting Kaspersky Endpoint Security for Linux, Kaspersky Industrial CyberSecurity for Linux Nodes, and Kaspersky Endpoint Security for Mac versions 12.0.0.325, 12.1.0.553, and 12.2.0.694. The vulnerability arises from improper neutralization of user-supplied input during web page generation, allowing an attacker to inject script content that is reflected back to the victim's browser. Exploitation requires no authentication or privileges but does require user interaction, typically through phishing vectors in which the victim is tricked into clicking a crafted link or visiting a malicious page. The attack vector is network-based, and the vulnerability's scope is limited to the affected Kaspersky endpoint security web interfaces or components that process web content. The impact includes potential execution of arbitrary scripts in the context of the affected application, which could lead to session hijacking, credential theft, or other unauthorized actions within the security product's interface. No public exploits or active exploitation campaigns have been reported to date. The CVSS 4.0 base score is 5.1, a medium severity rating that reflects the low barrier to exploitation combined with limited impact on core system confidentiality, integrity, or availability. Kaspersky has released fixes for this issue, and users are advised to update their anti-virus databases and product versions accordingly.

Potential Impact

For European organizations, this vulnerability poses a moderate risk primarily through social engineering and phishing attacks that could exploit the reflected XSS flaw. Successful exploitation could allow attackers to execute malicious scripts within the context of the Kaspersky Endpoint Security interface, potentially leading to session hijacking or unauthorized actions within the security product. While the direct impact on system confidentiality, integrity, and availability is limited, the compromise of security management interfaces could indirectly weaken endpoint defenses or leak sensitive security information. Organizations in critical infrastructure sectors, such as energy, finance, and government, which rely heavily on Kaspersky products for endpoint protection, may face increased risk if attackers leverage this vulnerability as part of a broader attack chain. The lack of known exploits in the wild reduces immediate threat urgency, but the medium severity rating and phishing vector highlight the need for vigilance. The vulnerability also underscores the importance of user training to recognize phishing attempts and the necessity of timely patching to maintain endpoint security integrity.

Mitigation Recommendations

1. Immediately update Kaspersky Endpoint Security products to versions with anti-virus databases dated 18.11.2025 or later to apply the official patch addressing CVE-2025-64984.
2. Implement strict input validation and output encoding on any custom integrations or web interfaces interacting with Kaspersky products to prevent injection of malicious scripts.
3. Enhance phishing awareness training for employees, emphasizing the risks of clicking unknown links and verifying email sources, to reduce the likelihood of successful social engineering exploitation.
4. Monitor network traffic and logs for suspicious requests targeting Kaspersky web interfaces that could indicate attempted exploitation of reflected XSS.
5. Restrict access to Kaspersky management consoles and web interfaces to trusted networks and authenticated users where possible, using network segmentation and access control lists.
6. Employ Content Security Policy (CSP) headers and other browser security mechanisms to limit the execution of unauthorized scripts in affected web contexts.
7. Regularly review and audit endpoint security configurations and update incident response plans to include scenarios involving exploitation of endpoint security management vulnerabilities.


Technical Details

Data Version: 5.2
Assigner Short Name: Kaspersky
Date Reserved: 2025-11-12T07:42:11.731Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 691ebfd49f5a9374a9cb4412

Added to database: 11/20/2025, 7:14:28 AM

Last enriched: 11/20/2025, 7:31:24 AM

Last updated: 11/21/2025, 12:27:59 PM
