Volerion logoVolerion
Volerion logoVolerion

Kaspersky Products Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in Kaspersky Endpoint Security for Linux (any version with anti-virus databases prior to 18.11.2025), Kaspersky Industrial CyberSecurity for Linux Nodes (any version with anti-virus databases prior to 18.11.2025), and Kaspersky Endpoint Security for Mac (versions 12.0.0.325, 12.1.0.553, and 12.2.0.694 with anti-virus databases prior to 18.11.2025). This vulnerability could have been exploited by an attacker using phishing techniques.

Impact

Exploitation of this vulnerability could lead to a reflected cross-site scripting attack, allowing an attacker to inject malicious scripts that could be executed in the context of the user's browser.

Remediation

Users of Kaspersky Endpoint Security for Mac versions 12.0.0.325 and 12.1.0.553 should update to version 12.2.0.694 with the latest anti-virus databases. Users of Kaspersky Endpoint Security for Linux and Kaspersky Industrial CyberSecurity for Linux Nodes have access to an automatic update within the current version, which mitigates this issue.

Added: Nov 20, 2025, 3:21 PM
Updated: Nov 20, 2025, 3:21 PM

Vulnerability Rating

Custom Algorithm
spread
6.6
impact
1.7
exploitability
4.4
remediation
7.9
relevance
1.0
threat
0.0
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.