CVE-2025-20234

Published Jun 18, 2025

Last updated 7 months ago

CVSS medium 5.3

Overview

Description
A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the .
Source
psirt@cisco.com
NVD status
Analyzed
Products
clamav, secure_endpoint, secure_endpoint_private_cloud

Risk scores

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity
HIGH

Weaknesses

psirt@cisco.com
CWE-125

Social media

Hype score
Not currently trending

  1. ⚠️Vulnerabilidades de Cisco ClamAV ❗CVE-2025-20260 ❗CVE-2025-20234 ➡️Más info: https://t.co/d0g6b2TQfd https://t.co/9OTcAtdvBK

    @CERTpy

    26 Jun 2025

    130 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Clam AntiVirus UDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability (CVE-2025-20234) #ClamAV #CVE202520234 #CyberSecurity #InformationDisclosureVulnerability https://t.co/rbvRSV4pcj https://t.co/Y1HmD7JKXB

    @SystemTek_UK

    24 Jun 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Actively exploited CVE : CVE-2025-20234

    @transilienceai

    22 Jun 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. ⚠️⚠️ CVE-2025-20260 (CVSS 9.8) and CVE-2025-20234 (CVSS 5.3)—pose a risk to organizations that rely on ClamAV for scanning large PDF or UDF-based files 🎯4.5k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/lJoKb0JGuE FOFA htt

    @fofabot

    20 Jun 2025

    1563 Impressions

    6 Retweets

    12 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  5. Actively exploited CVE : CVE-2025-20234

    @transilienceai

    19 Jun 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. ClamAV UDF File Parsing Out-of-Bounds Read Information Disclosure Vulnerability (CVE-2025-20234) #ClamAV #CVE202520234 #CyberSecurity #InformationDisclosureVulnerability https://t.co/TULvESCORy https://t.co/194f5yNWyh

    @SystemTek_UK

    19 Jun 2025

    63 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2025-20234 A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an… https://t.co/5mt9kLUPU9

    @CVEnew

    19 Jun 2025

    110 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Actively exploited CVE : CVE-2025-20234

    @transilienceai

    18 Jun 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. CVE-2025-20234 Unauthenticated Denial of Service in ClamAV via UDF File Parsing ... https://t.co/DaEs9r22S1 Customizable Vulnerability Alerts: https://t.co/U7998fz7yk

    @VulmonFeeds

    18 Jun 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. This vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to trigger a buffer overflow, likely resulting in the termination of the ClamAV scanning process and a DoS condition on the affected software. Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process.CVE-2025-20260
  2. A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.CVE-2025-20128
  3. A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files. The vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart.CVE-2024-20506
  4. A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process.CVE-2024-20505
  5. A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.CVE-2024-20380

References

Sources include official advisories and independent security research.