{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-20128", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2024-10-10T19:15:13.212Z", "datePublished": "2025-01-22T16:21:12.329Z", "dateUpdated": "2025-02-18T19:40:10.978Z"}, "containers": {"cna": {"title": "ClamAV OLE2 File Format Decryption Denial of Service Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.\r\nFor a description of this vulnerability, see the .\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA", "name": "cisco-sa-clamav-ole2-H549rphA"}, {"url": "https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html", "name": "ClamAV blog"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."}], "source": {"advisory": "cisco-sa-clamav-ole2-H549rphA", "discovery": "INTERNAL", "defects": ["CSCwm83037"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Heap-based Buffer Overflow", "type": "cwe", "cweId": "CWE-122"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco Secure Endpoint", "versions": [{"version": "7.0.5", "status": "affected"}, {"version": "6.2.19", "status": "affected"}, {"version": "7.3.3", "status": "affected"}, {"version": "7.2.13", "status": "affected"}, {"version": "6.1.5", "status": "affected"}, {"version": "6.3.1", "status": "affected"}, {"version": "6.2.5", "status": "affected"}, {"version": "7.3.5", "status": "affected"}, {"version": "6.2.1", "status": "affected"}, {"version": "7.2.7", "status": "affected"}, {"version": "7.1.1", "status": "affected"}, {"version": "6.3.5", "status": "affected"}, {"version": "6.2.9", "status": "affected"}, {"version": "7.3.1", "status": "affected"}, {"version": "6.1.7", "status": "affected"}, {"version": "7.2.11", "status": "affected"}, {"version": "7.2.3", "status": "affected"}, {"version": "7.1.5", "status": "affected"}, {"version": "6.3.3", "status": "affected"}, {"version": "7.3.9", "status": "affected"}, {"version": "6.2.3", "status": "affected"}, {"version": "6.1.9", "status": "affected"}, {"version": "7.2.5", "status": "affected"}, {"version": "6.3.7", "status": "affected"}, {"version": "1.12.3", "status": "affected"}, {"version": "1.8.0", "status": "affected"}, {"version": "1.11.1", "status": "affected"}, {"version": "1.12.4", "status": "affected"}, {"version": "1.10.0", "status": "affected"}, {"version": "1.12.0", "status": "affected"}, {"version": "1.8.1", "status": "affected"}, {"version": "1.10.1", "status": "affected"}, {"version": "1.12.1", "status": "affected"}, {"version": "1.12.6", "status": "affected"}, {"version": "1.14.0", "status": "affected"}, {"version": "1.10.2", "status": "affected"}, {"version": "1.12.2", "status": "affected"}, {"version": "1.6.0", "status": "affected"}, {"version": "1.11.0", "status": "affected"}, {"version": "1.7.0", "status": "affected"}, {"version": "1.13.0", "status": "affected"}, {"version": "1.12.7", "status": "affected"}, {"version": "1.8.4", "status": "affected"}, {"version": "1.13.1", "status": "affected"}, {"version": "1.9.0", "status": "affected"}, {"version": "1.9.1", "status": "affected"}, {"version": "1.12.5", "status": "affected"}, {"version": "1.13.2", "status": "affected"}, {"version": "8.1.7.21512", "status": "affected"}, {"version": "8.1.7", "status": "affected"}, {"version": "8.1.5", "status": "affected"}, {"version": "8.1.3.21242", "status": "affected"}, {"version": "8.1.3", "status": "affected"}, {"version": "8.1.5.21322", "status": "affected"}, {"version": "8.1.7.21417", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2025-01-22T16:21:12.329Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-22T16:54:39.076758Z", "id": "CVE-2025-20128", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-18T19:40:10.978Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-20128", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-22T16:54:39.076758Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-22T16:55:06.281Z"}}], "cna": {"title": "ClamAV OLE2 File Format Decryption Denial of Service Vulnerability", "source": {"defects": ["CSCwm83037"], "advisory": "cisco-sa-clamav-ole2-H549rphA", "discovery": "INTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Secure Endpoint", "versions": [{"status": "affected", "version": "7.0.5"}, {"status": "affected", "version": "6.2.19"}, {"status": "affected", "version": "7.3.3"}, {"status": "affected", "version": "7.2.13"}, {"status": "affected", "version": "6.1.5"}, {"status": "affected", "version": "6.3.1"}, {"status": "affected", "version": "6.2.5"}, {"status": "affected", "version": "7.3.5"}, {"status": "affected", "version": "6.2.1"}, {"status": "affected", "version": "7.2.7"}, {"status": "affected", "version": "7.1.1"}, {"status": "affected", "version": "6.3.5"}, {"status": "affected", "version": "6.2.9"}, {"status": "affected", "version": "7.3.1"}, {"status": "affected", "version": "6.1.7"}, {"status": "affected", "version": "7.2.11"}, {"status": "affected", "version": "7.2.3"}, {"status": "affected", "version": "7.1.5"}, {"status": "affected", "version": "6.3.3"}, {"status": "affected", "version": "7.3.9"}, {"status": "affected", "version": "6.2.3"}, {"status": "affected", "version": "6.1.9"}, {"status": "affected", "version": "7.2.5"}, {"status": "affected", "version": "6.3.7"}, {"status": "affected", "version": "1.12.3"}, {"status": "affected", "version": "1.8.0"}, {"status": "affected", "version": "1.11.1"}, {"status": "affected", "version": "1.12.4"}, {"status": "affected", "version": "1.10.0"}, {"status": "affected", "version": "1.12.0"}, {"status": "affected", "version": "1.8.1"}, {"status": "affected", "version": "1.10.1"}, {"status": "affected", "version": "1.12.1"}, {"status": "affected", "version": "1.12.6"}, {"status": "affected", "version": "1.14.0"}, {"status": "affected", "version": "1.10.2"}, {"status": "affected", "version": "1.12.2"}, {"status": "affected", "version": "1.6.0"}, {"status": "affected", "version": "1.11.0"}, {"status": "affected", "version": "1.7.0"}, {"status": "affected", "version": "1.13.0"}, {"status": "affected", "version": "1.12.7"}, {"status": "affected", "version": "1.8.4"}, {"status": "affected", "version": "1.13.1"}, {"status": "affected", "version": "1.9.0"}, {"status": "affected", "version": "1.9.1"}, {"status": "affected", "version": "1.12.5"}, {"status": "affected", "version": "1.13.2"}, {"status": "affected", "version": "8.1.7.21512"}, {"status": "affected", "version": "8.1.7"}, {"status": "affected", "version": "8.1.5"}, {"status": "affected", "version": "8.1.3.21242"}, {"status": "affected", "version": "8.1.3"}, {"status": "affected", "version": "8.1.5.21322"}, {"status": "affected", "version": "8.1.7.21417"}], "defaultStatus": "unknown"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA", "name": "cisco-sa-clamav-ole2-H549rphA"}, {"url": "https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html", "name": "ClamAV blog"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.\r\nFor a description of this vulnerability, see the .\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-122", "description": "Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2025-01-22T16:21:12.329Z"}}}, "cveMetadata": {"cveId": "CVE-2025-20128", "state": "PUBLISHED", "dateUpdated": "2025-02-18T19:40:10.978Z", "dateReserved": "2024-10-10T19:15:13.212Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2025-01-22T16:21:12.329Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA36F577-6DC0-4269-BD6C-6B2C92FEE5D7", "versionEndExcluding": "1.0.8", "versionStartIncluding": "1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B5E2539-FA2D-4CF9-8CC5-C11D50994E7C", "versionEndExcluding": "1.4.2", "versionStartIncluding": "1.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*", "matchCriteriaId": "E952EECB-A2D2-4AD5-8C44-5A572FBB18C5", "versionEndExcluding": "1.24.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*", "matchCriteriaId": "3E3EED81-A4E2-4B0A-A6B6-77A22559D1A0", "versionEndExcluding": "1.25.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*", "matchCriteriaId": "44356F2D-AC9C-4A9C-8F37-96FFDC6950C4", "versionEndExcluding": "7.5.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*", "matchCriteriaId": "145C1E4A-E704-4228-91A2-B26BD60838B9", "versionEndExcluding": "8.4.3", "versionStartIncluding": "8.0.1.21160", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "19E2B316-8BA1-459F-B7A6-E9125EBAC411", "versionEndExcluding": "4.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.\r\nFor a description of this vulnerability, see the .\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad en la rutina de descifrado Object Linking and Embedding 2 (OLE2) de ClamAV podr\u00eda permitir que un atacante remoto no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe a un desbordamiento de enteros en una comprobaci\u00f3n de los l\u00edmites que permite una lectura de desbordamiento de b\u00fafer de mont\u00f3n. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un archivo manipulado con contenido OLE2 para que ClamAV lo escanee en un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante terminar el proceso de escaneo de ClamAV, lo que provocar\u00eda una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en el software afectado. Para obtener una descripci\u00f3n de esta vulnerabilidad, consulte el . Cisco ha publicado actualizaciones de software que solucionan esta vulnerabilidad. No existen workarounds que solucionen esta vulnerabilidad."}], "id": "CVE-2025-20128", "lastModified": "2025-08-06T14:11:27.030", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2025-01-22T17:15:12.583", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "[email protected]", "type": "Primary"}]}

{}