CVE-2025-1370
Published 2025-02-17
Priority P3 · 38 · medium · 5.3 · CVSS 3.1
AV:L / AC:L / PR:L / UI:N / S:U / C:L / I:L / A:L
EPSS: 2.38% (81.8th percentile)
A vulnerability classified as critical has been found in MicroWorld eScan Antivirus 7.0.32 on Linux. It affects the function sprintf in the file epsdaemon of the Autoscan USB component. Manipulation leads to OS command injection. The attack requires local access. The exploit has been publicly disclosed and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| escanav | escan_anti-virus | — | — |
| linux | linux_kernel | >= 5.11.0 < 5.15.198 | 5.15.198 |
| linux | linux_kernel | >= 5.16.0 < 6.1.160 | 6.1.160 |
| linux | linux_kernel | >= 5.7.0 < 5.10.248 | 5.10.248 |
| linux | linux_kernel | >= 6.13.0 < 6.18.3 | 6.18.3 |
| linux | linux_kernel | >= 6.2.0 < 6.6.120 | 6.6.120 |
| linux | linux_kernel | >= 6.7.0 < 6.12.64 | 6.12.64 |
| microworld | escan_antivirus | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| nvd | v4.0 | 4.8 | MEDIUM | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 4.3 | MEDIUM | AV:L/AC:L/Au:S/C:P/I:P/A:P |
| osv | — | 5.5 | MEDIUM | — |
| vendor_oracle | — | 7.5 | HIGH | — |
| vendor_redhat | — | 5.5 | MEDIUM | — |
OSV
f2fs: use global inline_xattr_slab instead of per-sb slab cache
osv·2026-01-14·CVSS 5.5
CVE-2025-71105 f2fs: use global inline_xattr_slab instead of per-sb slab cache
In the Linux kernel, the following vulnerability has been resolved:
f2fs: use global inline_xattr_slab instead of per-sb slab cache
As Hong Yun reported in mailing list:
loop7: detected capacity change from 0 to 131072
------------[ cut here ]------------
kmem_cache of name 'f2fs_xattr_entry-7:7' already exists
WARNING: CPU: 0 PID: 24426 at mm/slab_common.c:110 kmem_cache_sanity_check mm/slab_common.c:109 [inline]
WARNING: CPU: 0 PID: 24426 at mm/slab_common.c:110 __kmem_cache_create_args+0xa6/0x320 mm/slab_common.c:307
CPU: 0 UID: 0 PID: 24426 Comm: syz.7.1370 Not tainted 6.17.0-rc4 #1 PREEMPT(full)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
RIP: 0010:kmem_cache_sanity_check m
GHSA
GHSA-3fpx-4c54-q88f: A vulnerability, which was classified as critical, has been found in MicroWorld eScan Antivirus 7
ghsa_unreviewed·2025-02-17
CVE-2025-1370 [MEDIUM] CWE-77 GHSA-3fpx-4c54-q88f: A vulnerability, which was classified as critical, has been found in MicroWorld eScan Antivirus 7
Oracle
Oracle Enterprise Manager Risk Matrix: Agent Next Gen (json-smart) — CVE-2023-1370
vendor_oracle·2025-04-15·CVSS 7.5
CVE-2023-1370 [HIGH] Oracle Enterprise Manager Risk Matrix: Agent Next Gen (json-smart) — CVE-2023-1370
Oracle Enterprise Manager Risk Matrix: Agent Next Gen (json-smart) vulnerability
CVE: CVE-2023-1370
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2025 (APR 2025)
No detection rules found.
No public exploits indexed.
Published: 2025-02-17