CVE-2025-13919
MEDIUMSymantec Endpoint Protection <14.3 RU10-8 - COM Hijacking
Title source: llmDescription
Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry.
References (1)
Core 1
Core References
Various Sources vendor-advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36774
Scores
CVSS v3
4.4
EPSS
0.0013
EPSS Percentile
2.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-427
Status
published
Products (2)
Broadcom/Symantec Endpoint Protection Windows Client
14.3.12154.10000
Broadcom/Symantec Endpoint Protection Windows Client
14.3.12167.10000
Published
Jan 28, 2026
Tracked Since
Feb 18, 2026