CVE-2025-20128

A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html	Vendor Advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/09/msg00006.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:clamav:clamav::::::::
	cpe:2.3:a:clamav:clamav::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:cisco:secure_endpoint::::::macos::*
	cpe:2.3:a:cisco:secure_endpoint::::::linux::*
	cpe:2.3:a:cisco:secure_endpoint::::::windows::*
	cpe:2.3:a:cisco:secure_endpoint::::::windows::*
	cpe:2.3:a:cisco:secure_endpoint_private_cloud::::::::

History

03 Nov 2025, 19:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/09/msg00006.html -

Information

Published : 2025-01-22 17:15

Updated : 2025-11-03 19:15

NVD link : CVE-2025-20128

Mitre link : CVE-2025-20128

CVE.ORG link : CVE-2025-20128

JSON object : View

Products Affected

cisco

secure_endpoint_private_cloud
secure_endpoint

clamav

clamav

CWE

CWE-122

Heap-based Buffer Overflow

{"id": "CVE-2025-20128", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-01-22T17:15:12.583", "references": [{"url": "https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00006.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-122"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.\r\nFor a description of this vulnerability, see the .\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad en la rutina de descifrado Object Linking and Embedding 2 (OLE2) de ClamAV podr\u00eda permitir que un atacante remoto no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe a un desbordamiento de enteros en una comprobaci\u00f3n de los l\u00edmites que permite una lectura de desbordamiento de b\u00fafer de mont\u00f3n. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un archivo manipulado con contenido OLE2 para que ClamAV lo escanee en un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante terminar el proceso de escaneo de ClamAV, lo que provocar\u00eda una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en el software afectado. Para obtener una descripci\u00f3n de esta vulnerabilidad, consulte el . Cisco ha publicado actualizaciones de software que solucionan esta vulnerabilidad. No existen workarounds que solucionen esta vulnerabilidad."}], "lastModified": "2025-11-03T19:15:47.523", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA36F577-6DC0-4269-BD6C-6B2C92FEE5D7", "versionEndExcluding": "1.0.8", "versionStartIncluding": "1.0.0"}, {"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B5E2539-FA2D-4CF9-8CC5-C11D50994E7C", "versionEndExcluding": "1.4.2", "versionStartIncluding": "1.1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "E952EECB-A2D2-4AD5-8C44-5A572FBB18C5", "versionEndExcluding": "1.24.4"}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "3E3EED81-A4E2-4B0A-A6B6-77A22559D1A0", "versionEndExcluding": "1.25.1"}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "44356F2D-AC9C-4A9C-8F37-96FFDC6950C4", "versionEndExcluding": "7.5.20"}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "145C1E4A-E704-4228-91A2-B26BD60838B9", "versionEndExcluding": "8.4.3", "versionStartIncluding": "8.0.1.21160"}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19E2B316-8BA1-459F-B7A6-E9125EBAC411", "versionEndExcluding": "4.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}