Multiple critical vulnerabilities in ClamAV (CVSS Base Score 9.8) allow a remote, anonymous attacker to cause a Denial of Service. Affected versions include ClamAV versions prior to 1.4.3 and 1.0.9, as well as numerous downstream products including specific versions of cPanel/WHM, Debian, Ubuntu, SUSE, Fedora, and Cisco Secure Endpoint connectors. Mitigations are available, and users should apply the relevant updates provided by their operating system or software vendor.
[WID-SEC-2025-1362] ClamAV: Mehrere Schwachstellen ermöglichen Denial of Service CVSS Base Score 9.8 (kritisch) CVSS Temporal Score 8.5 (hoch) Remoteangriff ja Datum 19.06.2025 Stand UPDATE 22.05.2026 Mitigation ja Betroffene Systeme Betriebssystem Linux UNIX Windows Produktbeschreibung ClamAV ist ein Open Source Virenscanner. Produkte UPDATE 21.05.2026 cPanel cPanel/WHM 126.0.63 UPDATE 30.09.2025 cPanel cPanel/WHM <132.0.0 UPDATE 04.09.2025 Debian Linux UPDATE 02.07.2025 Ubuntu Linux UPDATE 29.06.2025 cPanel cPanel/WHM <118.0.50 cPanel cPanel/WHM <126.0.25 cPanel cPanel/WHM <128.0.15 UPDATE 26.06.2025 SUSE Linux UPDATE 22.06.2025 Fedora Linux 19.06.2025 Open Source ClamAV <1.4.3 Open Source ClamAV <1.0.9 Cisco Secure Endpoint Connector for Linux <1.26.1 Cisco Secure Endpoint Connector for Mac <1.26.1 Cisco Secure Endpoint Connector for Windows <7.5.21 Cisco Secure Endpoint Connector for Windows <8.4.5 Cisco Secure Endpoint Private Cloud <4.2.2 Angriff Angriff Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in ClamAV ausnutzen, um einen Denial of Service Angriff durchzuführen. CVE Informationen Versionshistorie Feedback zum Advisory geben