CVE-2025-1370

CVSS v4.0

4.8

Medium

Vector

AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions: MicroWorld eScan Antivirus version 7.0.32

Description: A critical issue has been found in MicroWorld eScan Antivirus, affecting the sprintf function of the epsdaemon file in the Autoscan USB component. This leads to os command injection. The attack must be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations: As a temporary workaround, consider disabling the sprintf function in the epsdaemon file until a patch is available. Restrict access to the Autoscan USB component to minimize the risk of exploitation. Avoid using the epsdaemon file in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

CVE-2025-1370

Affected Products

Microword Escan Antivirus

CVE-2025-1370

Weakness Enumeration

Related Identifiers

Affected Products

References · 10