Cyber Posture

CVE-2025-1366

Medium · Public PoC

Published: 17 February 2025
Modified: 09 October 2025
KEV Added
Patch
CVSS Score: 5.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0006 (20.0th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-1366 is a medium-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Escanav Escan Anti-Virus. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 20.0th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 1 other technique.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent: Implements memory protection mechanisms that directly prevent exploitation of the stack-based buffer overflow in the VirusPopUp component's strcpy function.

prevent: Mandates timely remediation of identified flaws, such as patching the critical buffer overflow vulnerability in eScan Antivirus 7.0.32.

prevent: Enforces input validation to restrict malformed data that could trigger the strcpy buffer overflow in the VirusPopUp component.

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1211 Exploitation for Stealth (tactic: Stealth)
Adversaries may exploit vulnerabilities to evade detection by hiding activity, suppressing logging, or operating within trusted or unmonitored components.

Why these techniques?

The stack-based buffer overflow in the eScan Antivirus VirusPopUp component enables local arbitrary code execution in the security software process, facilitating privilege escalation (T1068) and defense evasion via exploitation of antivirus (T1211).

NVD Description

A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux and classified as critical. Affected by this issue is the function strcpy of the component VirusPopUp. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Deeper analysis

CVE-2025-1366 is a stack-based buffer overflow vulnerability affecting the strcpy function within the VirusPopUp component of MicroWorld eScan Antivirus version 7.0.32 on Linux systems. Published on 2025-02-17T01:15:10.280, the issue is classified as critical in the NVD description, while its CVSS v3.1 base score is 5.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), which is Medium. It maps to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).

The vulnerability requires local access and can be exploited by an attacker with low privileges, with low attack complexity and no user interaction. Successful manipulation triggers the buffer overflow, with limited impact on confidentiality, integrity, and availability, such as partial data exposure, modification, or denial of service.

Advisories note that the exploit has been publicly disclosed and may be used, with details available at https://github.com/dmknght/FIS_RnD/blob/main/escan_av_usb_protection_multiple_vulns.md, https://vuldb.com/?ctiid.295970, and https://vuldb.com/?id.295970. The vendor was contacted early regarding the disclosure but provided no response, and no patches or specific mitigations are referenced.

Details

CWE(s)

Affected Products

Vendor: escanav
Product: escan anti-virus
Version: 7.0.32

CVEs Like This One

CVE-2025-0798: Same product: Escanav Escan Anti-Virus
CVE-2024-13188: Same product: Escanav Escan Anti-Virus
CVE-2026-5991: Shared CWE-119, CWE-121
CVE-2026-5154: Shared CWE-119, CWE-121
CVE-2026-3810: Shared CWE-119, CWE-121
CVE-2026-5611: Shared CWE-119, CWE-121
CVE-2026-5684: Shared CWE-119, CWE-121
CVE-2026-5045: Shared CWE-119, CWE-121
CVE-2026-3769: Shared CWE-119, CWE-121
CVE-2026-3809: Shared CWE-119, CWE-121
