CVE-2025-0798
Published: 29 January 2025
Description
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Security Summary
CVE-2025-0798 is a critical OS command injection vulnerability (CWE-77, CWE-78) in MicroWorld eScan Antivirus version 7.0.32 on Linux systems. The flaw resides in the Quarantine Handler component, specifically during processing of the rtscanner file, where improper handling allows malicious input to execute arbitrary operating system commands. Rated at CVSS 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), it was published on January 29, 2025.
Remote attackers can exploit this vulnerability without privileges or user interaction, though it requires high attack complexity and is considered difficult to execute. Successful exploitation enables full system compromise, granting high-impact confidentiality, integrity, and availability violations through injected OS commands.
Advisories from VulDB and a public GitHub disclosure detail the issue, including a proof-of-concept exploit in escan_rtscanner_rce.md, but the vendor was contacted early and provided no response or patch. Security practitioners should monitor for updates, restrict access to the affected component, and consider alternative antivirus solutions until mitigation is available.
The exploit has been publicly disclosed and may be used, though its high complexity limits widespread adoption. No real-world exploitation in the wild is reported.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
OS command injection in Linux antivirus service rtscanner enables Unix Shell command execution (T1059.004), indirect command execution (T1202 as cited in advisory), and exploitation of remote service for RCE (T1210).