CVE-2025-1366
Published: 17 February 2025
Description
Adversaries may exploit vulnerabilities to evade detection by hiding activity, suppressing logging, or operating within trusted or unmonitored components.
Security Summary
CVE-2025-1366 is a stack-based buffer overflow vulnerability affecting the strcpy function within the VirusPopUp component of MicroWord eScan Antivirus version 7.0.32 on Linux systems. Published on 2025-02-17T01:15:10.280, the issue is classified as critical and carries a CVSS v3.1 base score of 5.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). It maps to CWEs 119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and 121 (Stack-based Buffer Overflow).
The vulnerability requires local access and can be exploited by an attacker with low privileges, involving low complexity and no user interaction. Successful manipulation triggers the buffer overflow, enabling limited impacts on confidentiality, integrity, and availability, such as partial data exposure, modification, or denial of service.
Advisories note that the exploit has been publicly disclosed and may be used, with details available at https://github.com/dmknght/FIS_RnD/blob/main/escan_av_usb_protection_multiple_vulns.md, https://vuldb.com/?ctiid.295970, and https://vuldb.com/?id.295970. The vendor was contacted early regarding the disclosure but provided no response, and no patches or specific mitigations are referenced.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stack-based buffer overflow in eScan Antivirus VirusPopUp component enables local arbitrary code execution in the security software process, facilitating privilege escalation (T1068) and defense evasion via exploitation of antivirus (T1211).