Symantec Endpoint Protection Security Update
Summary
Broadcom's Enterprise Security Group has released updates to address issues that were discovered in the Symantec Endpoint Protection (SEP) Windows client.
Affected Product(s)
Symantec Endpoint Protection (SEP) Windows Client

| CVE | Affected Version(s) | Remediation |
|---|---|---|
| CVE-2025-13918, CVE-2025-13919 | Prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3 | Upgrade to 14.3 RU10 (14.3.12167.10000), 14.3 RU9 (14.3.11237.9000), or 14.3 RU8 (14.3.10178.8000). |

Issue Details

| CVE-2025-13918 | |
|---|---|
| Severity/CVSSv3 | Medium / 6.7 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| References | NVD: CVE-2025-13918 |
| Impact | Elevation of Privilege |
| Description | Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to an Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. |

| CVE-2025-13919 | |
|---|---|
| Severity/CVSSv3 | Medium / 5.4 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
| References | NVD: CVE-2025-13919 |
| Impact | Component Object Model (COM) Hijacking |
| Description | Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry. |

Mitigation & Additional Information
The following client updates have been made available to remediate these issues:
- SEP 14.3 RU10 (14.3.12167.10000)
- SEP 14.3 RU9 (14.3.11237.9000)
- SEP 14.3 RU8 (14.3.10178.8000)
The latest Symantec Endpoint Protection releases and patches are available to customers through normal support channels. 14.3 RU10 (14.3.12167.10000) and 14.3 RU9 (14.3.11237.9000) are available via Symantec LiveUpdate for Cloud-Managed and On-Premise customers through Auto Upgrade and the Symantec Endpoint Protection Manager. The 14.3 RU8 (14.3.10178.8000) client update is available via LiveUpdate to the Symantec Endpoint Protection Manager.
Broadcom's Enterprise Security Group recommends the following measures to reduce risk of attack:
- Restrict access to administrative or management systems to authorized privileged users.
- Restrict remote access to trusted/authorized systems only.
- Run under the principle of least privilege, where possible, to limit the impact of potential exploit.
- Keep all operating systems and applications current with vendor patches.
- Follow a multi-layered approach to security. At a minimum, run both firewall and anti-malware applications to provide multiple points of detection and protection for both inbound and outbound threats.
- Deploy network and host-based intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in the detection of attacks or malicious activity related to the exploitation of latent vulnerabilities.
Acknowledgements
- CVE-2025-13918: Sandro Poppi
- CVE-2025-13919: Gregory DRAPERI, AXA