CVE-2025-0798
Published: 29 January 2025
Summary
CVE-2025-0798 is a critical-severity Command Injection (CWE-77) vulnerability in Escanav Escan Anti-Virus. Its CVSS base score is 9.2 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004). The CVE ranks in the top 18.9% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A vulnerability rated critical has been identified in MicroWorld eScan Antivirus version 7.0.32 on Linux, specifically within the Quarantine Handler component's rtscanner file. The flaw stems from improper handling that permits OS command injection, corresponding to CWE-77 and CWE-78, and carries a CVSS 4.0 score of 9.2 reflecting high impact on confidentiality, integrity, and availability despite high attack complexity.
Remote attackers without authentication can exploit the issue to execute arbitrary operating system commands, though successful exploitation requires significant effort and the attack vector is considered difficult. Public disclosure of an exploit has occurred, enabling potential reuse by threat actors.
No vendor patch or official advisory has been issued, as MicroWorld did not respond to early disclosure notifications; the references provided consist of a detailed technical write-up and exploit documentation hosted on GitHub, along with VulDB entries.
The associated EPSS score has risen from a low baseline to a peak of 0.0313 (an estimated 3.1% probability of exploitation activity in the next 30 days), indicating emerging exploitation interest after public release and suggesting the CVE merits renewed monitoring.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-1872
Vulnerability details
A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. This issue affects some unknown processing of the file rtscanner of the component Quarantine Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- CWE(s): CWE-77 (Command Injection), CWE-78 (OS Command Injection)
Related Threats
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
OS command injection in the Linux antivirus service's rtscanner component enables Unix Shell command execution (T1059.004), Indirect Command Execution (T1202, as cited in the advisory), and Exploitation of Remote Services for RCE (T1210).
CVEs Like This One
Affected Assets
Mitigating Controls (NIST 800-53 r5, AI)
- SI-10 (Information Input Validation): directly prevents OS command injection by requiring validation of inputs to the Quarantine Handler during rtscanner file processing.
- SI-2 (Flaw Remediation): mandates identification, reporting, and correction of the command injection flaw in eScan Antivirus 7.0.32, including patches or workarounds.
- Least privilege: reduces the impact of successful command injection by enforcing least privilege on the vulnerable Quarantine Handler process.
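The input-validation pattern that SI-10 points at, shown beside the CWE-78 shape it replaces, as an added illustration that is not eScan's code. The page does not say where in rtscanner the injected input enters, so the quarantine-move helper, the directory paths and the file-name allowlist below are constructed assumptions, not the product's real layout or rules:

```python
import re
import shlex
import subprocess
from pathlib import Path

# Constructed paths for the illustration; the page gives no eScan file layout.
SCAN_DIR = Path("/var/lib/example-av/scan")
QUARANTINE_DIR = Path("/var/lib/example-av/quarantine")

# Allowlist for a quarantine entry name: a letter or digit first, then only
# [A-Za-z0-9._-], at most 255 characters. No '/', no whitespace, no shell
# metacharacters, and no leading '-' (so it cannot be parsed as an option).
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,254}")


def unsafe_quarantine_command(filename: str) -> str:
    """CWE-78 pattern: an attacker-influenced file name is pasted into a
    command line that would be handed to /bin/sh (shell=True)."""
    return f"mv {SCAN_DIR}/{filename} {QUARANTINE_DIR}/"


def shell_tokens(command: str) -> list[str]:
    """Tokenise a command line the way a POSIX shell would, so control
    operators such as ';' or '&&' show up as their own tokens. Handy for
    seeing, or unit-testing, what a pasted file name turns into."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    return list(lexer)


def safe_quarantine_argv(filename: str) -> list[str]:
    """Hardened form: validate against an allowlist (SI-10), keep the file
    inside SCAN_DIR, and build an argv list so no shell ever parses it."""
    if not SAFE_NAME.fullmatch(filename):
        raise ValueError(f"rejected quarantine name: {filename!r}")
    if Path(filename).name != filename:  # defence in depth: no path components
        raise ValueError("file name must not contain path separators")
    src = SCAN_DIR / filename
    dst = QUARANTINE_DIR / filename
    # '--' ends option parsing for mv; the list form makes subprocess exec mv
    # directly with these exact arguments, metacharacters left uninterpreted.
    return ["mv", "--", str(src), str(dst)]


def quarantine(filename: str) -> subprocess.CompletedProcess:
    """Move a scanned file into quarantine without invoking a shell."""
    return subprocess.run(safe_quarantine_argv(filename), check=True)


if __name__ == "__main__":
    # Constructed hostile name: a shell would run 'id' as a second command.
    hostile = "report.pdf; id"
    print("unsafe command :", unsafe_quarantine_command(hostile))
    print("shell sees     :", shell_tokens(unsafe_quarantine_command(hostile)))
    for name in ["report.pdf", hostile, "../etc/passwd", "-rf", "$(id).pdf"]:
        try:
            print("accepted       :", safe_quarantine_argv(name))
        except ValueError as exc:
            print("rejected       :", exc)
```

The two halves make the control concrete: shell_tokens shows that the pasted name becomes a separate command token for the shell, while safe_quarantine_argv removes the shell from the picture entirely and still rejects anything outside the allowlist, which is what SI-10 asks of the Quarantine Handler's input path.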