Cisco has released security updates to patch a ClamAV denial-of-service (DoS) vulnerability for which proof-of-concept (PoC) exploit code is available.
Tracked as CVE-2025-20128, the vulnerability is caused by a heap-based buffer overflow weakness in the Object Linking and Embedding 2 (OLE2) decryption routine, allowing unauthenticated, remote attackers to trigger a DoS condition on vulnerable devices.
If this vulnerability is successfully exploited, it could cause the ClamAV antivirus scanning process to crash, preventing or delaying further scanning operations.
“An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device,” Cisco explained. “A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.”
However, in an advisory issued today, the company noted that overall system stability would not be affected even after successful attacks.
The vulnerable product list includes the Secure Endpoint Connector software for Linux, Mac, and Windows-based platforms. This solution helps ingest Cisco Secure Endpoint audit logs and events into security information and event management (SIEM) systems like Microsoft Sentinel.
PoC exploit available, no active exploitation
While the Cisco Product Security Incident Response Team (PSIRT) said it has no evidence of in-the-wild exploitation, it added that CVE-2025-20128 exploit code is already available.
“The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory,” Cisco PSIRT said.
Today, the company also patched a Cisco BroadWorks DoS security flaw (CVE-2025-20165) and a critical severity privilege escalation vulnerability (CVE-2025-20156) in the Cisco Meeting Management REST API that lets hackers gain admin privileges on unpatched devices.
In October, it fixed another DoS security bug (CVE-2024-20481) in its Cisco ASA and Firepower Threat Defense (FTD) software, discovered during large-scale brute-force attacks against Cisco Secure Firewall VPN devices in April 2024.
One month later, it addressed a maximum severity vulnerability (CVE-2024-20418) that allows attackers to run commands with root privileges on vulnerable Ultra-Reliable Wireless Backhaul (URWB) industrial access points.