- Description
- A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
- Source
- psirt@cisco.com
- NVD status
- Analyzed
- Products
- clamav, secure_endpoint, secure_endpoint_private_cloud
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
- psirt@cisco.com
- CWE-122
- Hype score
- Not currently trending
URGENT: Critical RCE & DoS vulns in ClamAV for #Debian 11. CVE-2025-20128 & CVE-2025-20260 can lead to full system compromise. Patch to version 1.0.9+dfsg-1~deb11u1 immediately. Read more:👉 https://t.co/EQiOVgreT7 #Security https://t.co/B8NYdjbt9N
@Cezar_H_Linux
4 Sept 2025
92 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
🟡Cisco fixes a critical ClamAV DoS vulnerability (CVE-2025-20128), but a PoC exploit is now public. Remote attackers could crash ClamAV using a crafted OLE2 file. -Update ASAP or isolate affected devices. 🔗 Details: https://t.co/dPySqWObU4 #CyberSecurity #InfoSec #Osec
@Osec__
5 Feb 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A buffer overflow vulnerability with the identifier CVE-2025-20128 has been published for ClamAV, an open source antivirus. The identified vulnerability causes the program to crash, in other words it results in a kind of DoS attack. https://t.co/Poz3aKY03t https://t.co/SCw2XndVZM
@AmirHossein_sec
30 Jan 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Recently, a buffer overflow vulnerability with the identifier CVE-2025-20128 was published for ClamAV, an open source antivirus. The identified vulnerability causes the program to crash and the related service to stop working, in other words it results in a kind of DoS attack.
@cybernetic_cy
26 Jan 2025
93 Impressions
2 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
🌐 News Bulletin - 24 January 2025 🔗 Read it here: https://t.co/7iulrYYVuM 🔒 Vulnerabilities: ClamAV: DoS (CVE-2025-20128). phpMyAdmin: XSS. Node.js: Critical patch (CVE-2025-23083). ✨ Discover: Baleen: WAF/CDN 🇫🇷 AI Summit in Paris, 10-11 February.
@CERT_Illicium
24 Jan 2025
16 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
A vulnerability (CVE-2025-20128) in ClamAV's OLE2 file decryption could enable unauthenticated remote attackers to cause DoS. Cisco has released patches. Update systems urgently. 🛡️ #ClamAV #DenialOfService #USA link: https://t.co/gW1pFXw1Zv https://t.co/47TuTalYEI
@TweetThreatNews
24 Jan 2025
40 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Cisco has released security updates to patch a ClamAV denial-of-service (DoS) vulnerability, which has proof-of-concept (PoC) exploit code. Tracked as CVE-2025-20128, the vulnerability is caused by a heap-based buffer overflow weakness in the Object Linking and Embedding 2 (OLE2)
@thecyberreport_
23 Jan 2025
58 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
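A PoC (proof-of-concept attack code) for the ClamAV DoS vulnerability CVE-2025-20128 has been published. It is a heap-based buffer overflow in the OLE2 decryption routine. According to Cisco, overall system stability is not affected in its own products. No actual attacks have been confirmed. https://t.co/FwP0oRSCJd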
@__kokumoto
23 Jan 2025
755 Impressions
3 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploring Cisco's Denial of Service Flaw: CVE-2025-20128 https://t.co/kNAut34DRy #cve202520128 #clamav #denialofservice #cybersecurity #vulnerability #bufferoverflow #cisco #infosec #securityupdate #exploit
@DefendOpsHQ
22 Jan 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco addresses a denial-of-service vulnerability (CVE-2025-20128) in ClamAV, potentially allowing attackers to crash the antivirus. No active exploits reported. 🔒🔧 #Cisco #ClamAV #USA link: https://t.co/YH51UBSQPL https://t.co/fdmjJ9JpKm
@TweetThreatNews
22 Jan 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA36F577-6DC0-4269-BD6C-6B2C92FEE5D7",
            "versionEndExcluding": "1.0.8",
            "versionStartIncluding": "1.0.0"
          },
          {
            "criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B5E2539-FA2D-4CF9-8CC5-C11D50994E7C",
            "versionEndExcluding": "1.4.2",
            "versionStartIncluding": "1.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E952EECB-A2D2-4AD5-8C44-5A572FBB18C5",
            "versionEndExcluding": "1.24.4"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E3EED81-A4E2-4B0A-A6B6-77A22559D1A0",
            "versionEndExcluding": "1.25.1"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44356F2D-AC9C-4A9C-8F37-96FFDC6950C4",
            "versionEndExcluding": "7.5.20"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "145C1E4A-E704-4228-91A2-B26BD60838B9",
            "versionEndExcluding": "8.4.3",
            "versionStartIncluding": "8.0.1.21160"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19E2B316-8BA1-459F-B7A6-E9125EBAC411",
            "versionEndExcluding": "4.2.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]