CVE-2025-1369

Name of the Vulnerable Software and Affected Versions: MicroWord eScan Antivirus version 7.0.32

Description: A critical vulnerability was found in the USB Password Handler component of MicroWord eScan Antivirus, leading to os command injection. The attack must be approached locally and has a high complexity, making exploitation difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted about this disclosure but did not respond.

Recommendations: As a temporary workaround, consider disabling the USB Password Handler component until a patch is available. Restrict local access to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.