CVE-2025-20234
BaseFortify

Publication date: 2025-06-18

Last updated on: 2025-08-11

Assigner: Cisco Systems, Inc.

Description
A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the .
Meta Information
Published: 2025-06-18
Last Modified: 2025-08-11
Generated: 2026-05-07
AI Q&A: 2025-06-18
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 6 associated CPEs
Vendor  Product                        Version / Range
clamav  clamav                         From 1.2.0 (inc) to 1.4.3 (exc)
cisco   secure_endpoint                to 1.26.1 (exc)
cisco   secure_endpoint                to 1.26.1 (exc)
cisco   secure_endpoint                to 7.5.21 (exc)
cisco   secure_endpoint                From 8.0.1.21160 (inc) to 8.4.5 (exc)
cisco   secure_endpoint_private_cloud  to 4.2.2 (exc)
CWE ID   Description
CWE-125  The product reads data past the end, or before the beginning, of the intended buffer.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a flaw in ClamAV's Universal Disk Format (UDF) file processing that causes a memory overread or out-of-bounds read when scanning crafted UDF files. An attacker can exploit this by submitting a specially crafted file to be scanned, which causes the ClamAV scanning process to crash or terminate unexpectedly, resulting in a denial of service (DoS) condition on the affected device. [1, 2]


How can this vulnerability impact me?

The vulnerability can cause the ClamAV scanning process to terminate unexpectedly, leading to a denial of service (DoS) condition on the affected device. This means that malware scanning may be interrupted, potentially reducing the effectiveness of security defenses. However, it does not impact the overall system stability. There is also a potential risk of information disclosure due to the buffer over-read bug. No workarounds are available, but fixed software versions have been released. [1, 2]


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should update ClamAV to version 1.4.3 or later. For Cisco Secure Endpoint Connectors, update to version 1.26.1 or later on Linux and Mac, and version 8.4.5 or later on Windows. For Secure Endpoint Private Cloud, update to versions later than 4.2.2 with updated connectors. There are no workarounds available, so applying these updates is the recommended immediate action. Additionally, verify hardware and software compatibility before upgrading and consult Cisco TAC for support if needed. [1, 2]

