Is Endpoint Protection/Endpoint Protection Manager vulnerable to OpenSSL vulnerabilities ?
Article ID: 428017
Updated On:
Products
Endpoint Protection
Endpoint Security
Endpoint Security Complete
Issue/Introduction
You want to know if Symantec Endpoint Protection (SEP), Symantec Endpoint Protection Manager (SEPM) are impacted by OpenSSL vulnerabilities:
- CVE-2025-11187
- CVE-2025-15467
- CVE-2025-15468
- CVE-2025-15469
- CVE-2025-66199
- CVE-2025-68160
- CVE-2025-69418
- CVE-2025-69419
- CVE-2025-69420
- CVE-2025-69421
- CVE-2026-22795
- CVE-2026-22796
- CVE-2025-11187
- CVE-2025-15467
Resolution
CVE-2025-11187: OpenSSL version 3.6, 3.5 and 3.4 are found vulnerable.
- 14.3 RU7: No impact, because SEPM uses OpenSSL 3.0.8
- 14.3 RU9/RU10: No impact, because SEPM uses OpenSSL 3.1.5
CVE-2025-15467: OpenSSL version 3.6, 3.5, 3.4, 3.3 and 3.0 are found vulnerable.
- 14.3 RU7: Upgrade to 14.3 RU9
- 14.3 RU9/RU10: No impact, because SEPM uses OpenSSL 3.1.5
- SEP client: No impact, because it uses earlier version OpenSSL 1.1.1x
Note: SEPM 14.3-RU9/RU10 uses OpenSSL v3.1.5 which is not in the affected version ranges. No impact for other CVE's.
Feedback
Yes
No
Powered by
