Cisco addressed a ClamAV denial-of-service (DoS) vulnerability, and experts warn of the availability of proof-of-concept (PoC) exploit code.

Cisco has released security updates to address a ClamAV denial-of-service (DoS) vulnerability tracked as CVE-2025-20128. The Cisco PSIRT experts warn that proof-of-concept (PoC) exploit code is available for this flaw.

The vulnerability resides in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV. An unauthenticated, remote attacker could exploit the flaw to cause a denial of service (DoS) condition on a vulnerable device.

Cisco [ClamAV](https://securityaffairs.com/142380/security/cisco-clamav-rce.html) (Clam AntiVirus) is an open-source antivirus engine designed to detect malware, viruses, and other malicious threats. It is widely used for email scanning, file scanning, and web security, particularly on Linux-based systems.

*‘This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device.’* [reads the advisory](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA). *‘A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.’*

The Medium-impact vulnerability affects Linux, Mac, and Windows, potentially crashing scans and delaying or halting scanning operations.

The vulnerability impacts the following products:

| Affected Cisco Software Platform | CVSS Base Score | Security Impact Rating | Cisco Bug ID | First Fixed Release |
| --- | --- | --- | --- | --- |
| Secure Endpoint Connector for Linux | 6.9 | Medium | [CSCwm89778](https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwm89778) | 1.25.1 |
| Secure Endpoint Connector for Mac | 6.9 | Medium | [CSCwm89779](https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwm89779) | 1.24.4 |
| Secure Endpoint Connector for Windows | 6.9 | Medium | [CSCwm89781](https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwm89781) | 7.5.20, 8.4.3 |
| Secure Endpoint Private Cloud | 6.9 | Medium | [CSCwm91582](https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwm91582) | 4.2.0 with updated connectors |

The Cisco PSIRT is not aware of attacks in the wild exploiting this vulnerability.

Google OSS-Fuzz reported this vulnerability.

In February 2023, Cisco fixed a critical flaw, tracked as CVE-2023-20032 (CVSS score: 9.8), in its [ClamAV](https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html) product. The vulnerability resides in the HFS+ file parser component; an attacker can trigger the issue to gain remote code execution on vulnerable devices or trigger a DoS condition.

The flaw affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier.
The company acknowledged Simon Scannell from Google for reporting this issue.

The vulnerability is a buffer overflow issue affecting the ClamAV scanning library; it is due to a missing buffer size check.

[**Pierluigi Paganini**](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559) ([**SecurityAffairs**](http://securityaffairs.co/wordpress/) – hacking, ClamAV)
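The root cause the advisory gives for CVE-2025-20128, an integer underflow in a bounds check that permits an out-of-bounds heap read, is a general bug class. The added example below is not ClamAV's source and not taken from the advisory; the 4-byte header layout and all function names are assumptions made up to show a wrapping unsigned check beside a hardened one.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout, constructed for illustration: a fixed 4-byte header
 * precedes the payload inside a heap buffer of buf_len bytes. */
#define HDR_LEN 4u

/* Flawed check: if buf_len < HDR_LEN the unsigned subtraction wraps to a
 * huge value, so the test passes for any 'want' and a later copy would
 * read past the end of the buffer. */
int check_flawed(size_t buf_len, size_t want)
{
    return want <= buf_len - HDR_LEN;
}

/* Hardened check: rule out the wrap before subtracting. */
int check_safe(size_t buf_len, size_t want)
{
    if (buf_len < HDR_LEN)
        return 0;
    return want <= buf_len - HDR_LEN;
}

/* Copy 'want' payload bytes only when the hardened check passes.
 * Returns the number of bytes copied, or -1 when the request is rejected. */
long read_payload(const uint8_t *buf, size_t buf_len,
                  uint8_t *out, size_t out_len, size_t want)
{
    if (want > out_len || !check_safe(buf_len, want))
        return -1;
    memcpy(out, buf + HDR_LEN, want);
    return (long)want;
}

int main(void)
{
    /* Constructed input: a truncated 2-byte record asking for 64 bytes. */
    printf("flawed accepts: %d\n", check_flawed(2, 64));
    printf("safe accepts:   %d\n", check_safe(2, 64));
    return 0;
}
```

Both checks agree on well-formed lengths; they differ only when the buffer is shorter than the header, which is the case a crafted file would present to a scanner.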