CVE-2025-13919 | THREATINT

Description

Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry.

PUBLISHED Reserved 2025-12-02 | Published 2026-01-28 | Updated 2026-01-30 | Assigner symantec

MEDIUM: 4.4CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Problem types

CWE-427 Uncontrolled Search Path Element

Product status

Default status

unaffected

14.3.12154.10000

affected

14.3.12167.10000

unaffected

Credits

Gregory DRAPERI finder

References

support.broadcom.com/...l/content/SecurityAdvisories/0/36774 vendor-advisory

cve.org (CVE-2025-13919)

nvd.nist.gov (CVE-2025-13919)

Download JSON