CVE-2025-20128: ClamAV OLE2 File Format Decryption Denial of Service Vulnerability

5.3 CVSS

Description

A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.

For a description of this vulnerability, see the ClamAV blog post listed under References.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
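The bug class named above, an integer underflow in a bounds check that turns into a heap over-read, is easiest to see in code. The following is an added, generic illustration written for this page; it is not ClamAV's OLE2 parser and does not model the OLE2 format. It uses a constructed length-prefixed record (a 16-bit offset and a 16-bit length, both little-endian) and shows the wrapping check beside the hardened one. Instead of performing the out-of-bounds memcpy, it reports how many bytes past the end of the buffer the read would have touched.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed record layout for this example (not OLE2):
 *   bytes 0-1: little-endian offset of the payload within the buffer
 *   bytes 2-3: little-endian payload length
 * Both fields are attacker-controlled file content. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Vulnerable form. `buflen - off` is a size_t subtraction: when a crafted
 * header sets off > buflen it wraps to a huge value, the comparison passes,
 * and the caller goes on to read `len` bytes from beyond the heap buffer. */
bool check_unsafe(size_t buflen, size_t off, size_t len) {
    size_t remaining = buflen - off;   /* wraps when off > buflen */
    return len <= remaining;
}

/* Hardened form. Reject off > buflen before subtracting so the subtraction
 * cannot wrap; the remaining-bytes comparison is then exact. */
bool check_safe(size_t buflen, size_t off, size_t len) {
    if (off > buflen) return false;
    return len <= buflen - off;
}

/* Parses the header and applies the chosen check. Returns
 *   -1   the record is rejected (no payload read happens),
 *    0   the payload read stays inside buf,
 *   n>0  the read would touch n bytes past the end of buf (the over-read).
 * A real parser would memcpy() here; we only compute the consequence. */
long simulate_read(const uint8_t *buf, size_t buflen,
                   bool (*check)(size_t, size_t, size_t)) {
    if (buflen < 4) return -1;
    size_t off = rd16(buf);
    size_t len = rd16(buf + 2);
    if (!check(buflen, off, len)) return -1;
    size_t end = off + len;            /* both <= 0xffff, cannot overflow */
    return end > buflen ? (long)(end - buflen) : 0;
}

/* Constructed sample inputs. */
const uint8_t benign[]   = { 0x04, 0x00, 0x03, 0x00, 'a', 'b', 'c' };            /* off=4, len=3, fits exactly */
const uint8_t too_long[] = { 0x04, 0x00, 0x00, 0x01, 0xaa, 0xbb, 0xcc, 0xdd };   /* off=4, len=256: both checks reject */
const uint8_t crafted[]  = { 0x00, 0x01, 0x10, 0x00, 0xde, 0xad, 0xbe, 0xef };   /* off=256, len=16: off > buflen */

int main(void) {
    printf("benign   unsafe=%ld safe=%ld\n",
           simulate_read(benign, sizeof benign, check_unsafe),
           simulate_read(benign, sizeof benign, check_safe));
    printf("too_long unsafe=%ld safe=%ld\n",
           simulate_read(too_long, sizeof too_long, check_unsafe),
           simulate_read(too_long, sizeof too_long, check_safe));
    /* The crafted record passes the unsafe check and would read 264 bytes
     * past the 8-byte buffer; the hardened check rejects it. */
    printf("crafted  unsafe=%ld safe=%ld\n",
           simulate_read(crafted, sizeof crafted, check_unsafe),
           simulate_read(crafted, sizeof crafted, check_safe));
    return 0;
}
```

The `too_long` case matters: an oversized length with an in-range offset is caught by both forms, so the defect is specifically the unchecked subtraction when the offset exceeds the buffer size. In a scanner this over-read typically ends in a segmentation fault of the scanning process, which is the DoS outcome the advisory describes; a build with `-fsanitize=address` would flag the real memcpy immediately.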

Classification

CVE ID: CVE-2025-20128

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.3

Affected Products

Vendor: Cisco

Product: Cisco Secure Endpoint (bundles the ClamAV engine; the ClamAV project fixed this in 1.4.2 and 1.0.8, see the blog post under References)

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (estimated probability of exploitation in the wild within the next 30 days)

EPSS Percentile: 11.71% (share of all scored CVEs with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-20 (date the score was calculated)

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA
https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html

Timeline