NVD Vulnerability Details: CVE-2025-20128
Status: Analyzed
Source: psirt@cisco.com
Published At: 22 Jan, 2025 | 17:15
Updated At: 06 Aug, 2025 | 14:11

A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

CISA Catalog
Date Added | Due Date | Vulnerability Name | Required Action
N/A

Metrics
Type | Version | Base score | Base severity | Vector
Secondary | 3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CPE Matches
Vendor | Product | Versions | CPE
ClamAV | clamav | from 1.0.0 (inclusive) to 1.0.8 (exclusive) | cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*
ClamAV | clamav | from 1.1.0 (inclusive) to 1.4.2 (exclusive) | cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*
Cisco Systems, Inc. | secure_endpoint | before 1.24.4 (exclusive) | cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*
Cisco Systems, Inc. | secure_endpoint | before 1.25.1 (exclusive) | cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*
Cisco Systems, Inc. | secure_endpoint | before 7.5.20 (exclusive) | cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*
Cisco Systems, Inc. | secure_endpoint | from 8.0.1.21160 (inclusive) to 8.4.3 (exclusive) | cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*
Cisco Systems, Inc. | secure_endpoint_private_cloud | before 4.2.0 (exclusive) | cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:*

Weaknesses
CWE ID | Type | Source
CWE-122 | Primary | psirt@cisco.com

References
Hyperlink | Source | Resource
https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html | psirt@cisco.com | Vendor Advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA | psirt@cisco.com | Third Party Advisory