CVE-2025-0797

CVSS v4.0

4.8

Medium

Vector

AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions MicroWorld eScan Antivirus version 7.0.32

Description The issue affects the Quarantine Handler component, specifically the file /var/Microworld/, leading to incorrect default permissions. This can be exploited locally, and the exploit has been disclosed. The vendor was contacted about the disclosure but did not respond. The attack needs to be approached locally.

Recommendations MicroWorld eScan Antivirus version 7.0.32: Update the permissions of the /var/Microworld/ file to the correct default settings to prevent exploitation.

Exploit

Fix

LPE

Incorrect Privilege Assignment

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-266CWE-276

Related Identifiers

CVE-2025-0797

Affected Products

Escan Antivirus

CVE-2025-0797

Weakness Enumeration

Related Identifiers

Affected Products

References · 11