CVE-2025-20234
Clam AntiVirus vulnerability analysis and mitigation

Overview

A vulnerability in Universal Disk Format (UDF) processing of ClamAV (CVE-2025-20234) was discovered that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability was disclosed on June 18, 2025, and affects ClamAV versions from 1.2.0 onwards. The issue has been assigned a CVSS v3.1 base score of 5.3 (Medium) (NVD, Cisco Advisory).

Technical details

The vulnerability is caused by a memory overread during UDF file scanning, classified as CWE-125 (Out-of-bounds Read). The flaw was introduced in ClamAV version 1.2.0 and affects the engine's ability to process files using the Universal Disk Format, which is commonly found in DVDs and ISO images. The vulnerability has been assigned a CVSS v3.1 vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (Cisco Advisory).

Impact

Successful exploitation of this vulnerability could allow an attacker to terminate the ClamAV scanning process, resulting in a denial of service (DoS) condition on the affected software. The vulnerability affects various platforms including Cisco Secure Endpoint Connector for Linux, Mac, and Windows, as well as Secure Endpoint Private Cloud (Cisco Advisory).

Mitigation and workarounds

Cisco has released software updates that address this vulnerability in ClamAV versions 1.4.3 and 1.0.9. The fixed releases include Secure Endpoint Connector for Linux version 1.26.1, Mac version 1.26.1, and Windows version 7.5.218.4.5. No workarounds are available for this vulnerability, making it critical for users to upgrade to the patched versions (ClamAV Blog, Cisco Advisory).
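Because upgrading is the only remedy, the first step is usually finding which hosts still run an engine in the affected range. The following is an added example, not code from Cisco, ClamAV or the original report: it classifies `clamscan --version` banners using the bounds stated above (flaw introduced in 1.2.0, fixed in 1.4.3). It assumes no other 1.2.x or 1.3.x release carries the fix, since the page names none, and the hostnames and banners in the sample inventory are constructed.

```python
import re

# Bounds taken from the page: flaw introduced in 1.2.0, fixed in 1.4.3.
INTRODUCED = (1, 2, 0)
FIXED = (1, 4, 3)

# `clamscan --version` prints e.g. "ClamAV 1.4.2/27654/Mon Jun 16 10:32:45 2025".
# The optional 4th group catches pre-release suffixes such as "-rc1".
BANNER = re.compile(r"ClamAV (\d+)\.(\d+)\.(\d+)(-[\w.]+)?")

def classify(banner):
    """Return 'affected', 'fixed', 'predates-flaw' or 'unknown' for one banner."""
    m = BANNER.search(banner)
    if not m:
        return "unknown"              # not a ClamAV banner: check the host by hand
    if m.group(4):
        return "unknown"              # pre-release build: fix status not implied by number
    version = tuple(int(part) for part in m.group(1, 2, 3))
    if version < INTRODUCED:
        return "predates-flaw"        # older than 1.2.0, where the UDF overread was introduced
    if version < FIXED:
        return "affected"             # 1.2.0 up to, but not including, 1.4.3
    return "fixed"

def triage(inventory):
    """Map host -> status for an inventory of host -> version banner."""
    return {host: classify(banner) for host, banner in inventory.items()}

# Constructed sample inventory (hostnames, database numbers and dates are made up).
SAMPLE = {
    "mail-gw-01": "ClamAV 1.4.2/27654/Mon Jun 16 10:32:45 2025",
    "mail-gw-02": "ClamAV 1.4.3/27680/Thu Jun 19 09:01:12 2025",
    "file-srv-07": "ClamAV 1.0.9/27680/Thu Jun 19 09:01:12 2025",
    "build-box": "ClamAV 1.4.3-rc1/27600/Mon Jun  2 08:00:00 2025",
    "legacy-01": "clamscan: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host:12} {status}")
```

A "predates-flaw" result only speaks to CVE-2025-20234; it says nothing about other issues fixed in the same releases.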

Community reactions

The vulnerability was discovered by Volticks, working with Trend Micro Zero Day Initiative (ZDI). The security community has classified this as a medium-severity vulnerability, and it has received attention alongside another more critical ClamAV vulnerability (CVE-2025-20260) that was patched in the same release (Wiz).

This report was generated using AI.