Stack-Based Buffer Overflow in Microword eScan Antivirus on Linux
CVE-2025-0720

4.8MEDIUM

Key Information:

Vendor

Microword

Status
Escan Antivirus
Vendor
CVE Published:
26 January 2025

What is CVE-2025-0720?

A vulnerability exists in Microword eScan Antivirus 7.0.32 for Linux that may lead to a stack-based buffer overflow in the removeExtraSlashes function located in the /opt/MicroWorld/sbin/rtscanner file. This issue can be exploited locally and poses a risk to the affected system. Although the vulnerability has been disclosed publicly, the vendor has not provided any response regarding the matter, leaving systems vulnerable to potential attacks.

Affected Version(s)

eScan Antivirus 7.0.32

References

https://vuldb.com/?id.293480
vdb-entrytechnical-description
https://vuldb.com/?ctiid.293480
signaturepermissions-required
https://vuldb.com/?submit.482371
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

.