CVE-2025-13919 MEDIUM

CVE-2025-13919: Component Object Model (COM) Hijacking in Symantec Endpoint Protection Windows Client

Vendor Broadcom
Product Symantec Endpoint Protection Windows Client
Weakness CWE-427
Published January 28, 2026
Last update January 30, 2026

CVSS base score

4.4/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry.

Key dates

02Disclosure timeline

January 28, 2026 CVE published
January 30, 2026 Record updated