OS Command Injection Vulnerability in MicroWord eScan Antivirus for Linux
CVE-2025-1369

2LOW

Key Information:

Vendor
Microword
Status
Escan Antivirus
Vendor
CVE Published:
17 February 2025

Badges

👾 Exploit Exists

Summary

A significant OS command injection vulnerability has been identified in MicroWord eScan Antivirus version 7.0.32 on Linux. This flaw exists within an unspecified functionality of the USB Password Handler component. Attackers may exploit this vulnerability through local means, necessitating physical access or authenticated access to the vulnerable system. While experts denote the execution complexity as high, the public disclosure of the exploit increases the risk of potential attacks. MicroWord has been informed of the vulnerability but has not provided a response, leaving users exposed to possible exploit scenarios.

Affected Version(s)

eScan Antivirus 7.0.32

References

https://vuldb.com/?id.295975
vdb-entry
https://vuldb.com/?ctiid.295975
signaturepermissions-required
https://vuldb.com/?submit.496482
third-party-advisory

CVSS V4

Score:
2
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

FPT IS Security (VulDB User)
.