Platform
broadcom
Component
symantec-endpoint-protection-windows-client
Fixed in
14.3 RU10 Patch 1
CVE-2025-13918 is a privilege escalation vulnerability identified in Symantec Endpoint Protection Windows Client. This vulnerability allows an attacker to potentially gain elevated access to resources normally protected by the application. The vulnerability affects versions 14.3.12154.10000 through 14.3.12167.10000. Symantec has released patches to address this issue, recommending users upgrade to 14.3 RU10 Patch 1, RU9 Patch 2, or RU8 Patch 3.
Successful exploitation of CVE-2025-13918 could allow an attacker to bypass security controls and gain elevated privileges on a compromised system. This could lead to unauthorized access to sensitive data, modification of system configurations, or even complete control of the endpoint. The impact is particularly concerning in enterprise environments where Symantec Endpoint Protection is used to protect critical assets. While the specific attack vector is not detailed, the potential for privilege escalation suggests a sophisticated attacker could leverage this vulnerability to move laterally within a network and compromise other systems.
CVE-2025-13918 was publicly disclosed on 2026-01-28. As of this date, there are no publicly available proof-of-concept exploits. The vulnerability has been added to the CISA KEV catalog, indicating a medium probability of exploitation. Active campaigns targeting this vulnerability are not currently known, but the potential for privilege escalation warrants ongoing monitoring and proactive mitigation.
Organizations heavily reliant on Symantec Endpoint Protection for endpoint security are at risk. This includes businesses with legacy Symantec Endpoint Protection deployments, those with limited patching cycles, and environments where user privileges are not strictly controlled. Shared hosting environments utilizing older versions of Symantec Endpoint Protection are also particularly vulnerable.
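• windows / supply-chain:
# Path of the running client executable
Get-Process -Name SymantecEndpointProtection | Select-Object -ExpandProperty Path
• windows / supply-chain:
# Application-log events with ID 1000 from this provider (Get-WinEvent has no -Filter parameter; use -FilterHashtable)
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'Symantec Endpoint Protection'; Id = 1000 }
• windows / supply-chain:
# Installed client version as recorded in the registry
Get-ItemProperty -Path 'HKLM:\Software\Symantec\SEP\InstallLocation' -Name Version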
Exploit Status
EPSS
0.01% (0% percentile)
The primary mitigation for CVE-2025-13918 is to upgrade Symantec Endpoint Protection Windows Client to a patched version. Specifically, upgrade to 14.3 RU10 Patch 1, RU9 Patch 2, or RU8 Patch 3. If immediate patching is not feasible, consider implementing network segmentation to limit the potential blast radius of a successful attack. While no specific WAF or proxy rules are applicable, ensure that endpoint detection and response (EDR) solutions are configured to monitor for suspicious process behavior indicative of privilege escalation attempts. After upgrade, confirm successful patching by verifying the version number within the Symantec Endpoint Protection console.
Update Symantec Endpoint Protection Windows Client to version 14.3 RU10 Patch 1, RU9 Patch 2, or RU8 Patch 3, or a later version. This will remediate the Elevation of Privilege vulnerability.
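A fleet-level form of the version check described above, as an added example (not code from this page or from the vendor): it classifies client versions from an inventory export against the affected range the page states. The hostnames and version values in the inventory are constructed, and `Get-SepCveStatus` is a hypothetical helper name.

```powershell
# Affected range exactly as stated on this page (bounds inclusive).
$AffectedMin = [version]'14.3.12154.10000'
$AffectedMax = [version]'14.3.12167.10000'

# Hypothetical helper: classify one reported client version string.
function Get-SepCveStatus {
    param([string]$VersionString)

    $parsed = $null
    if (-not [version]::TryParse($VersionString.Trim(), [ref]$parsed)) {
        return 'Unknown'              # empty or malformed value: check the host by hand
    }
    if ($parsed.Revision -lt 0) {
        return 'Unknown'              # fewer than four parts: do not guess the build
    }
    if ($parsed -ge $AffectedMin -and $parsed -le $AffectedMax) {
        return 'Affected'
    }
    if ($parsed -gt $AffectedMax) {
        # Outside the listed range; confirm the patch level against the vendor advisory.
        return 'AboveAffectedRange'
    }
    return 'BelowAffectedRange'
}

# Constructed inventory export (hostnames and versions are sample data).
$inventory = @'
ComputerName,SepVersion
WS-0101,14.3.12154.10000
WS-0102,14.3.12160.10000
WS-0103,14.3.12167.10000
WS-0104,14.3.12168.10000
SRV-0007,14.3.12100.10000
WS-0105,
WS-0106,14.3 RU10
'@ | ConvertFrom-Csv

$report = foreach ($row in $inventory) {
    [pscustomobject]@{
        ComputerName = $row.ComputerName
        SepVersion   = $row.SepVersion
        Status       = Get-SepCveStatus $row.SepVersion
    }
}

# Hosts that need action (in range, or version could not be read), then totals.
$report | Where-Object Status -in 'Affected', 'Unknown' | Format-Table -AutoSize
$report | Group-Object Status | Select-Object Name, Count | Format-Table -AutoSize
```

Hosts reported as `Unknown` are kept in the action list on purpose: a client that does not report a parseable four-part version has not been shown to be outside the affected range.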
CVE-2025-13918 is a medium-severity privilege escalation vulnerability affecting Symantec Endpoint Protection Windows Client versions 14.3.12154.10000–14.3.12167.10000, allowing potential unauthorized access.
If you are using Symantec Endpoint Protection Windows Client versions 14.3.12154.10000 through 14.3.12167.10000, you are potentially affected by this vulnerability.
Upgrade to Symantec Endpoint Protection Windows Client 14.3 RU10 Patch 1, RU9 Patch 2, or RU8 Patch 3 to remediate the vulnerability.
As of the current disclosure date, there are no confirmed reports of active exploitation, but proactive mitigation is recommended.
Refer to the official Symantec security advisory for detailed information and updates regarding CVE-2025-13918.