CVE-2025-1364

5.3 MEDIUM

📋 TL;DR

A stack-based buffer overflow in MicroWorld eScan Antivirus 7.0.32 on Linux allows a local attacker to execute arbitrary code via the passPrompt function of the USB Protection Service. Linux systems running the vulnerable antivirus software are affected. The exploit is publicly available and the vendor has not responded to disclosure.

💻 Affected Systems

Products:
  • MicroWorld eScan Antivirus
Versions: 7.0.32
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the Linux version with the USB Protection Service enabled.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation leading to full system compromise, data theft, or ransomware deployment.

🟠

Likely Case

Local user gains elevated privileges to install malware, access sensitive files, or disrupt system operations.

🟢

If Mitigated

Limited impact if antivirus is uninstalled or USB Protection Service is disabled.

🌐 Internet-Facing: LOW - Attack requires local access, not remotely exploitable.
🏢 Internal Only: HIGH - Local attackers on compromised systems can exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit code is publicly available in a GitHub repository. It requires local access to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider uninstalling eScan Antivirus 7.0.32 or disabling USB Protection Service.

🔧 Temporary Workarounds

Disable USB Protection Service

linux

Stop and disable the vulnerable USB Protection Service component

sudo systemctl stop escan-usb-protection
sudo systemctl disable escan-usb-protection

Uninstall eScan Antivirus

linux

Remove the vulnerable software entirely

sudo apt remove escan-antivirus   # Debian/Ubuntu
sudo yum remove escan-antivirus   # RHEL/CentOS

🧯 If You Can't Patch

  • Implement strict access controls to limit local user privileges
  • Monitor for unusual process activity from eScan components

🔍 How to Verify

Check if Vulnerable:

Check if eScan Antivirus version 7.0.32 is installed and USB Protection Service is running

Check Version:

escan --version | grep -F '7.0.32'

Verify Fix Applied:

Verify eScan Antivirus is uninstalled or USB Protection Service is stopped and disabled

📡 Detection & Monitoring

Log Indicators:

  • Unusual process crashes in eScan components
  • Privilege escalation attempts from eScan processes

Network Indicators:

  • None - local exploit only

SIEM Query:

Process creation where parent process contains 'escan' and child process has elevated privileges
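
The SIEM query above, written out as a small Python check over process-creation events. This is an added example, not code from the vendor or from the original page. The event field names, the placeholder paths and the allowlist of expected child processes are assumptions, and the sample events are constructed.

```python
import json
import os

# Constructed process-creation events, one JSON object per line. Field names
# and paths are assumptions for this example, not real eScan telemetry.
SAMPLE_EVENTS = """\
{"ts": "T+00:01", "pid": 900, "ppid": 1, "exe": "/placeholder/escan/usb-service", "euid": 0}
{"ts": "T+00:05", "pid": 950, "ppid": 900, "exe": "/placeholder/escan/usb-prompt", "euid": 0}
{"ts": "T+03:12", "pid": 1200, "ppid": 900, "exe": "/bin/sh", "euid": 0}
{"ts": "T+03:13", "pid": 1201, "ppid": 1200, "exe": "/usr/bin/id", "euid": 0}
{"ts": "T+04:00", "pid": 1300, "ppid": 700, "exe": "/bin/sh", "euid": 1000}
{"ts": "T+05:00", "pid": 1400, "ppid": 950, "exe": "/usr/bin/logger", "euid": 1000}
"""


def find_suspicious_children(lines, needle="escan", expected=()):
    """Return events whose parent exe contains `needle` and whose euid is 0.

    Children whose own exe contains `needle`, or whose basename is listed in
    `expected`, are treated as normal product behaviour (an assumption made
    here to keep the rule from firing on the product's own helpers).
    """
    exe_by_pid = {}  # pid -> exe of the most recent process seen with that pid
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        exe_by_pid[ev["pid"]] = ev["exe"]
        parent_exe = exe_by_pid.get(ev["ppid"], "")
        if needle not in parent_exe.lower():
            continue  # parent unknown, or not an eScan component
        if ev["euid"] != 0:
            continue  # child is not running with root privileges
        child = ev["exe"]
        if needle in child.lower() or os.path.basename(child) in expected:
            continue  # the product's own binary or an allowlisted helper
        hits.append(ev)
    return hits


if __name__ == "__main__":
    for ev in find_suspicious_children(SAMPLE_EVENTS.splitlines()):
        print("ALERT", ev["ts"], "pid", ev["pid"], ev["exe"], "parent pid", ev["ppid"])
```

Only direct children are matched, as in the query; build the `expected` allowlist from a baseline of what the service normally spawns on your hosts.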
