AI description
CVE-2025-20260 is a vulnerability found in ClamAV's PDF scanning functionality. It stems from incorrect memory buffer allocation during the processing of PDF files. Disclosed on June 18, 2025, this flaw affects all supported versions of ClamAV. An unauthenticated, remote attacker could exploit this vulnerability by submitting a specially crafted PDF file to be scanned. Successful exploitation could lead to a buffer overflow, potentially causing a denial-of-service (DoS) condition by crashing the antivirus engine. There is also a possibility of arbitrary code execution with the privileges of the ClamAV process. This is most likely to occur in configurations where the max file-size scan limit is set to greater than or equal to 1024MB and the max scan-size scan limit is set to greater than or equal to 1025MB.
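The configuration condition named in the description above can be checked against a `clamd.conf`; this is an added example, not part of the original page or of ClamAV's code. It assumes the two limits correspond to the `MaxFileSize` and `MaxScanSize` directives, that "MB" means MiB, and that a value of 0 disables a limit; the function names and sample configs are constructed for illustration.

```python
import re

MIB = 1024 * 1024
# Thresholds as stated in the description above (MB read as MiB: assumption).
FILE_SIZE_THRESHOLD = 1024 * MIB
SCAN_SIZE_THRESHOLD = 1025 * MIB
_UNITS = {"": 1, "K": 1024, "M": MIB, "G": 1024 * MIB}

def parse_size(value):
    """Convert a clamd.conf size such as '2G' or '1025m' to bytes."""
    m = re.fullmatch(r"(\d+)([KkMmGg]?)", value.strip())
    if not m:
        raise ValueError(f"unrecognised size: {value!r}")
    return int(m.group(1)) * _UNITS[m.group(2).upper()]

def read_limits(conf_text):
    """Return the two limits in bytes; None means the directive is not set."""
    limits = {"MaxFileSize": None, "MaxScanSize": None}
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].split()   # drop comments, then tokenise
        if len(parts) == 2 and parts[0] in limits:
            limits[parts[0]] = parse_size(parts[1])
    return limits

def meets(limit, threshold):
    """True if an explicitly set limit reaches the threshold.
    Unset directives fall back to the engine default, which this
    example does not evaluate; 0 is treated as 'no limit' (assumption)."""
    if limit is None:
        return False
    return limit == 0 or limit >= threshold

def in_described_configuration(conf_text):
    """True when both limits meet the thresholds the description names."""
    limits = read_limits(conf_text)
    return (meets(limits["MaxFileSize"], FILE_SIZE_THRESHOLD)
            and meets(limits["MaxScanSize"], SCAN_SIZE_THRESHOLD))

# Constructed sample configurations, not taken from any real host.
SAMPLE_LARGE = "MaxFileSize 2G   # raised for large archives\nMaxScanSize 2G\n"
SAMPLE_EDGE = "MaxFileSize 1024M\nMaxScanSize 1024M\n"   # scan limit 1 MiB short
SAMPLE_UNSET = "#MaxFileSize 2G\nMaxScanSize 4G\n"       # file limit commented out

if __name__ == "__main__":
    for name in ("SAMPLE_LARGE", "SAMPLE_EDGE", "SAMPLE_UNSET"):
        print(name, in_described_configuration(globals()[name]))
```

A `False` result only means the file does not match the configuration the description singles out; the description says the flaw affects all supported versions.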
- Description: A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. This vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to trigger a buffer overflow, likely resulting in the termination of the ClamAV scanning process and a DoS condition on the affected software. Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process.
- Source: psirt@cisco.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- psirt@cisco.com: CWE-122
ClamAV vulnerabilities CVE-2025-20260/20234 FIXED: addressing DoS and RCE https://t.co/r2jakEdzHa This release resolves serious buffer overflows in PDF and UDF parsing. If you use ClamAV in a business environment, an early ver
@iototsecnews
3 Jul 2025
⚠️Cisco ClamAV vulnerabilities ❗CVE-2025-20260 ❗CVE-2025-20234 ➡️More info: https://t.co/d0g6b2TQfd https://t.co/9OTcAtdvBK
@CERTpy
26 Jun 2025
CVE-2025-20260 #ClamAV #PDF Scan could result in #Code #Execution! CVSS: 9.8 (Critical) Even the guards need guarding. #CVE #Cybersecurity #ZeroDay #BufferOverflow #ThreatIntel #Infosec #Awareness https://t.co/h5tjxzHZDA
@defhawk_specter
24 Jun 2025
CVE-2025-20260 (CVSS:9.8, CRITICAL) is Received. A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffe..https://t.co/0uOJJiPwG3 #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
23 Jun 2025
🚨 #CVE-2025-20260: Exploiting and Mitigating #Cisco ClamAV Buffer Overflow Vulnerability https://t.co/NaTSEZnLpo Educational Purposes!
@UndercodeUpdate
21 Jun 2025
🚨CVE-2025-20260: Cisco ClamAV exploit causes buffer overflow, denial of service, & potential code execution FOFA Link: https://t.co/v2i4WSibYl FOFA Query: app="CISCO-ClamAV" Results: 4,482 Patch Details: https://t.co/7hSsLDjFdD Advisory: https://t.co/KGqVaGadtk CVSS
@DarkWebInformer
20 Jun 2025
⚠️⚠️ CVE-2025-20260 (CVSS 9.8) and CVE-2025-20234 (CVSS 5.3)—pose a risk to organizations that rely on ClamAV for scanning large PDF or UDF-based files 🎯4.5k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/lJoKb0JGuE FOFA htt
@fofabot
20 Jun 2025
Actively exploited CVE : CVE-2025-20260
@transilienceai
19 Jun 2025
CVE-2025-20260 A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of servic… https://t.co/hO0LyXY2xk
@CVEnew
19 Jun 2025
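Critical vulnerability in ClamAV. CVE-2025-20260 has a CVSS score of 9.8. It stems from the handling of PDF files: when the scan limits are large, improper memory allocation causes a buffer overflow. max-filesize of 1024MB or more, max-scan-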
@__kokumoto
19 Jun 2025
CVE-2025-20260 Buffer Overflow Vulnerability in ClamAV PDF Scanning Processes Enables Remote Attack https://t.co/EopNJ0ozgy
@VulmonFeeds
18 Jun 2025
🟥 CVE-2025-20260, CVSS: 9.8 (#Critical) #ClamAV version 1.4.3 and 1.0.9, #Cisco. #Vulnerability allows unauthenticated remote attackers to exploit a buffer overflow in the PDF scanning processes. #CyberSecurity #CVE #ClamAV #BufferOverflow https://t.co/FyZtYi8CZg https:/
@UjlakiMarci
18 Jun 2025