CVE-2025-1369

4.5 MEDIUM

📋 TL;DR

This medium-severity vulnerability (CVSS 4.5) in MicroWord eScan Antivirus 7.0.32 on Linux lets a local attacker inject arbitrary operating-system commands through the USB Password Handler component. Exploitation requires local access to the host; if the vulnerable component runs with elevated privileges, a successful attack can escalate to full compromise of the system. Only Linux installations running this specific version are reported as affected.

💻 Affected Systems

Products:
  • MicroWord eScan Antivirus
Versions: 7.0.32
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the USB Password Handler component. Requires local access to the system.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with root privileges, allowing installation of persistent malware, data theft, and lateral movement within the network.

🟠

Likely Case

Local privilege escalation leading to unauthorized access to sensitive files and system resources by authenticated users with limited privileges.

🟢

If Mitigated

Limited impact due to proper access controls, network segmentation, and monitoring that would detect unusual command execution patterns.

🌐 Internet-Facing: LOW - The vulnerability requires local access and cannot be exploited remotely over the internet.
🏢 Internal Only: HIGH - Local attackers with access to the system can exploit this vulnerability to gain elevated privileges and compromise the entire system.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: HIGH

An exploit has been publicly disclosed, but it requires local access and specific conditions. The vendor was contacted about the disclosure and did not respond.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Disable USB Password Handler

linux

Disable the vulnerable USB Password Handler component to remove the injection point. The unit name escan-usb-protection is assumed, not vendor-documented; confirm the actual unit name from the host's systemd unit list before running these. Note that stopping the component also removes the USB password protection it provides.

sudo systemctl stop escan-usb-protection
sudo systemctl disable escan-usb-protection

Remove or Replace Antivirus

linux

Uninstall the vulnerable eScan Antivirus version and replace it with alternative security software. The package name escan-antivirus is assumed; use the name reported by your package manager (see How to Verify). Use the first command on Debian/Ubuntu and the second on RHEL/CentOS-based systems.

sudo apt remove escan-antivirus
sudo yum remove escan-antivirus

🧯 If You Can't Patch

  • Implement strict access controls to limit local user privileges and prevent unauthorized local access
  • Deploy endpoint detection and response (EDR) solutions to monitor for command injection attempts and unusual process execution

🔍 How to Verify

Check if Vulnerable:

Check whether eScan Antivirus is installed and which version:

rpm -qa | grep -i escan
dpkg -l | grep -i escan

Check Version:

escan --version (if the eScan binary is on your PATH), or query the package manager: rpm -qi escan-antivirus (package name as reported by the check above)

Verify Fix Applied:

Verify the USB Password Handler service is stopped and disabled (unit name assumed, see Temporary Workarounds): systemctl status escan-usb-protection

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution from eScan processes
  • Suspicious system commands originating from antivirus context
  • Failed privilege escalation attempts

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

process.name:eScan AND (cmdline:*bash* OR cmdline:*sh* OR cmdline:*sudo*)

The wildcard cmdline:*sh* is noisy: it also matches ssh, flush, hash and any path containing "sh". Where your telemetry allows, pivot on the parent process instead (an eScan process spawning a child whose executable is a shell or sudo) and on shell metacharacters in the child's command line; tune the process.name value to the actual eScan process names on your hosts.
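The following is an added detection example, not part of the original advisory or the vendor's tooling. It runs the wildcard-style rule and a parent/child-aware rule over a constructed set of process-creation events (JSON lines in the shape an EDR or auditd-to-JSON pipeline might export; the process names, paths and command lines are invented for illustration, and "escan" as the parent-name substring is an assumption about how the eScan processes are named) and shows how the substring rule fires on ssh while the refined rule flags only a spawned shell with injected metacharacters and a spawned sudo.

```python
"""Hunt for shells or privilege tools spawned from eScan processes.

Added example: constructed events, hypothetical process names and paths.
"""
import json
import os
import re
import shlex

# Constructed sample telemetry (not real data). One JSON object per line.
SAMPLE_EVENTS = """\
{"ts":"2025-02-16T10:01:02Z","uid":1000,"parent_name":"escand","parent_pid":812,"pid":4410,"cmdline":"/opt/escan/bin/escan-update --check"}
{"ts":"2025-02-16T10:01:09Z","uid":1000,"parent_name":"escand","parent_pid":812,"pid":4417,"cmdline":"/bin/sh -c \\"mount /dev/sdb1 /media/usb; id > /tmp/pwned\\""}
{"ts":"2025-02-16T10:01:15Z","uid":1000,"parent_name":"sshd","parent_pid":900,"pid":4420,"cmdline":"/bin/bash -l"}
{"ts":"2025-02-16T10:01:21Z","uid":1000,"parent_name":"escand","parent_pid":812,"pid":4425,"cmdline":"/usr/bin/ssh backup@10.0.0.5"}
{"ts":"2025-02-16T10:01:30Z","uid":0,"parent_name":"escand","parent_pid":812,"pid":4431,"cmdline":"sudo /usr/sbin/useradd -m attacker"}
"""

SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}
ESCALATORS = {"sudo", "su", "pkexec"}
# Metacharacters that indicate a command line was assembled by string
# concatenation (the classic OS command injection footprint).
INJECTION_MARKERS = re.compile(r"[;&|`]|\$\(")


def parse_events(text):
    """Parse JSON-lines telemetry into a list of event dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def argv0_basename(cmdline):
    """Return the basename of the executable actually invoked."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:          # unbalanced quotes: fall back to whitespace split
        argv = cmdline.split()
    return os.path.basename(argv[0]) if argv else ""


def is_escan_parent(event):
    return "escan" in event["parent_name"].lower()   # assumed naming


def naive_match(event):
    """Wildcard-style rule: eScan parent and 'sh' or 'sudo' anywhere in cmdline."""
    c = event["cmdline"]
    if is_escan_parent(event) and ("sh" in c or "sudo" in c):
        return event
    return None


def detect(event):
    """Refined rule: eScan parent whose child *is* a shell or privilege tool,
    or whose command line carries shell-injection metacharacters."""
    if not is_escan_parent(event):
        return None
    exe = argv0_basename(event["cmdline"])
    reasons = []
    if exe in SHELLS:
        reasons.append("shell spawned")
    if exe in ESCALATORS:
        reasons.append("privilege tool spawned")
    if INJECTION_MARKERS.search(event["cmdline"]):
        reasons.append("shell metacharacters in command line")
    if not reasons:
        return None
    return {"ts": event["ts"], "pid": event["pid"],
            "parent": event["parent_name"], "exe": exe, "reasons": reasons}


def hunt(text, rule=detect):
    """Apply a rule to every event and return the non-empty alerts."""
    return [alert for alert in (rule(e) for e in parse_events(text)) if alert]


if __name__ == "__main__":
    print("naive rule fired on", [e["pid"] for e in hunt(SAMPLE_EVENTS, naive_match)])
    for alert in hunt(SAMPLE_EVENTS):
        print(alert)
```

The naive rule fires on three events, including the benign ssh invocation; the refined rule returns only the two events a responder would want to see, each with the reason it matched. In production the same logic maps onto a SIEM query that joins on parent process name and child executable rather than a bare command-line wildcard.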

🔗 References