CVE-2025-20128

CVE Database · CVE-2025-20128

CVE-2025-20128

· MEDIUMModified

CVSS v3.1

5.3

EPSS

1.46%

Published

Jan 22, 2025

Modified

Nov 3, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Weaknesses (CWE)

CWE-122

Affected Products (7)

clamav · clamav (up to 1.0.8)vulnerable

clamav · clamav (up to 1.4.2)vulnerable

cisco · secure_endpoint (up to 1.24.4)vulnerable

cisco · secure_endpoint (up to 1.25.1)vulnerable

cisco · secure_endpoint (up to 7.5.20)vulnerable

cisco · secure_endpoint (up to 8.4.3)vulnerable

cisco · secure_endpoint_private_cloud (up to 4.2.0)vulnerable