CVE-2025-1369

Published: Feb 17, 2025Modified: Jun 27, 2025

2.0

Vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability classified as critical was found in MicroWord eScan Antivirus 7.0.32 on Linux. Affected by this vulnerability is an unknown functionality of the component USB Password Handler. The manipulation leads to os command injection. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected (1)

Products: Escanav: Escan Anti Virus

1 product

Escan Anti Virus

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Escanav Escan Anti Virus	Version 7.0.32

Related CWEs

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (5)

https://github.com/dmknght/FIS_RnD/blob/main/escan_av_usb_protection_multiple_vulns.md

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.295975

Source: cna@vuldb.com

Permissions RequiredThird Party AdvisoryVDB Entry

https://vuldb.com/?id.295975

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.496482

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://github.com/dmknght/FIS_RnD/blob/main/escan_av_usb_protection_multiple_vulns.md

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.