OS Command Injection Vulnerability in MicroWord eScan Antivirus for Linux
CVE-2025-1369

2LOW

Key Information:

Vendor

Microword

Status
Escan Antivirus
Vendor
CVE Published:
17 February 2025

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2025-1369?

A significant OS command injection vulnerability has been identified in MicroWord eScan Antivirus version 7.0.32 on Linux. This flaw exists within an unspecified functionality of the USB Password Handler component. Attackers may exploit this vulnerability through local means, necessitating physical access or authenticated access to the vulnerable system. While experts denote the execution complexity as high, the public disclosure of the exploit increases the risk of potential attacks. MicroWord has been informed of the vulnerability but has not provided a response, leaving users exposed to possible exploit scenarios.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

eScan Antivirus 7.0.32

References

https://vuldb.com/?id.295975
vdb-entry
https://vuldb.com/?ctiid.295975
signaturepermissions-required
https://vuldb.com/?submit.496482
third-party-advisory

CVSS V4

Score:
2
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

FPT IS Security (VulDB User)
JSON
.