{"id":60964,"date":"2025-01-29T09:30:01","date_gmt":"2025-01-29T06:30:01","guid":{"rendered":"https:\/\/cvefeed.io\/vuln\/detail\/CVE-2025-0798"},"modified":"2025-01-29T09:30:01","modified_gmt":"2025-01-29T06:30:01","slug":"cve-2025-0798-microworld-escan-antivirus-os-command-injection-vulnerability","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2025-0798-microworld-escan-antivirus-os-command-injection-vulnerability\/","title":{"rendered":"CVE-2025-0798 &#8211; MicroWorld eScan Antivirus os Command Injection Vulnerability"},"content":{"rendered":"<p class=\"card-text\"> The following table lists the changes that have been made to the <code>CVE-2025-0798<\/code> vulnerability over time. <\/p>\n<p class=\"card-text\"> Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability&#8217;s severity, exploitability, or other characteristics. <\/p>\n<div class=\"p-3 \">\n<ul class=\"acitivity-timeline-2 list-unstyled mb-0\">\n<li>\n<h6 class=\"fs-14\">New CVE Received by <a href=\"https:\/\/cvefeed.io\/cdn-cgi\/l\/email-protection\" class=\"__cf_email__\" data-cfemail=\"31525f507147445d55531f525e5c\" target=\"_blank\" rel=\"noopener\">[email&nbsp;protected]<\/a><\/h6>\n<p>Jan. 29, 2025<\/p>\n<div class=\"table-responsive\">\n<table class=\"table table-responsive table-bordered table-hover table-condensed\">\n<thead>\n<tr>\n<th scope=\"col\">Action<\/th>\n<th scope=\"col\">Type<\/th>\n<th scope=\"col\">Old Value<\/th>\n<th scope=\"col\">New Value<\/th>\n<\/tr>\n<\/thead>\n<tbody readability=\"10\">\n<tr readability=\"5\">\n<td>Added<\/td>\n<td>Description<\/td>\n<td><\/td>\n<td>A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. This issue affects some unknown processing of the file rtscanner of the component Quarantine Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.<\/td>\n<\/tr>\n<tr readability=\"3\">\n<td>Added<\/td>\n<td>CVSS V4.0<\/td>\n<td><\/td>\n<td>AV:N\/AC:H\/AT:N\/PR:N\/UI:N\/VC:H\/VI:H\/VA:H\/SC:N\/SI:N\/SA:N\/E:X\/CR:X\/IR:X\/AR:X\/MAV:X\/MAC:X\/MAT:X\/MPR:X\/MUI:X\/MVC:X\/MVI:X\/MVA:X\/MSC:X\/MSI:X\/MSA:X\/S:X\/AU:X\/R:X\/V:X\/RE:X\/U:X<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>Added<\/td>\n<td>CVSS V3.1<\/td>\n<td><\/td>\n<td>AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>Added<\/td>\n<td>CVSS V2<\/td>\n<td><\/td>\n<td>(AV:N\/AC:H\/Au:N\/C:C\/I:C\/A:C)<\/td>\n<\/tr>\n<tr>\n<td>Added<\/td>\n<td>CWE<\/td>\n<td><\/td>\n<td>CWE-78<\/td>\n<\/tr>\n<tr>\n<td>Added<\/td>\n<td>CWE<\/td>\n<td><\/td>\n<td>CWE-77<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>Added<\/td>\n<td>Reference<\/td>\n<td><\/td>\n<td>https:\/\/github.com\/dmknght\/FIS_RnD\/blob\/main\/escan_rtscanner_rce.md<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>Added<\/td>\n<td>Reference<\/td>\n<td><\/td>\n<td>https:\/\/vuldb.com\/?ctiid.293921<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>Added<\/td>\n<td>Reference<\/td>\n<td><\/td>\n<td>https:\/\/vuldb.com\/?id.293921<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>Added<\/td>\n<td>Reference<\/td>\n<td><\/td>\n<td>https:\/\/vuldb.com\/?submit.484718<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/li>\n<\/ul><\/div>\n","protected":false},"excerpt":{"rendered":"<p>The following table lists the changes that have been made to the CVE-2025-0798 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability&#8217;s severity, exploitability, or other characteristics. New CVE Received by [email&nbsp;protected] Jan. 29, 2025 Action &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-60964","post","type-post","status-publish","format-standard","hentry","category-29"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/60964","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=60964"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/60964\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=60964"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=60964"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=60964"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}