CVE-2025-13919

MEDIUM

Symantec Endpoint Protection <14.3 RU10-8 - COM Hijacking

Title source: llm

Description

Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry.

References (1)

[Various Sources] https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36774

Scores

CVSS v3 4.4

EPSS 0.0001

EPSS Percentile 0.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-427

Status published

Products (2)

Broadcom/Symantec Endpoint Protection Windows Client 14.3.12154.10000

Broadcom/Symantec Endpoint Protection Windows Client 14.3.12167.10000

Published Jan 28, 2026

Tracked Since Feb 18, 2026