Linux Distros Unpatched Vulnerability : CVE-2025-20260

🗓️ 27 Aug 2025 00:00:00Reported by TenableType

Unpatched Linux or Unix host with ClamAV PDF scanning, causing DoS or code execution via crafted PDFs.

Reporter	Title	Published	Views	Family All 78
IBM Security Bulletins	Security Bulletin: IBM Storage Defender: Data Protect critical vulnerabilities resolved in release Defender 2.1.0/Data Protect 7.3	10 Dec 202515:04	–	ibm
FreeBSD	clamav -- ClamAV PDF Scanning Buffer Overflow Vulnerability	18 Jun 202500:00	–	freebsd
Tenable Nessus	Amazon Linux 2023 : clamav1.4, clamav1.4-data, clamav1.4-devel (ALAS2023-2025-1081)	10 Jul 202500:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: clamav (CVE-2025-20260)	11 Jul 202500:00	–	nessus
Tenable Nessus	ClamAV 0.99.4 < 1.0.9, 1.2.0 < 1.4.3 Multiple Vulnerabilities	8 Jul 202500:00	–	nessus
Tenable Nessus	Debian dla-4292 : clamav - security update	4 Sep 202500:00	–	nessus
Tenable Nessus	Fedora 42 : clamav (2025-2ac841fe82)	21 Jun 202500:00	–	nessus
Tenable Nessus	Fedora 41 : clamav (2025-88b0ad0c1f)	27 Jun 202500:00	–	nessus
Tenable Nessus	FreeBSD : clamav -- ClamAV PDF Scanning Buffer Overflow Vulnerability (3dcc0812-4da5-11f0-afcc-f02f7432cf97)	21 Jun 202500:00	–	nessus
Tenable Nessus	CBL Mariner 2.0 Security Update: clamav (CVE-2025-20260)	11 Jul 202500:00	–	nessus

Source	Link
ubuntu	www.ubuntu.com/security/CVE-2025-20260
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(257094);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/09/07");

  script_cve_id("CVE-2025-20260");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2025-20260");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to
    cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on
    an affected device. This vulnerability exists because memory buffers are allocated incorrectly when PDF
    files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be
    scanned by ClamAV on an affected device. A successful exploit could allow the attacker to trigger a buffer
    overflow, likely resulting in the termination of the ClamAV scanning process and a DoS condition on the
    affected software. Although unproven, there is also a possibility that an attacker could leverage the
    buffer overflow to execute arbitrary code with the privileges of the ClamAV process. (CVE-2025-20260)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2025-20260");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-20260");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/06/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:clamav");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-14.04", "Host/OS/Ubuntu Linux-16.04", "Host/OS/Ubuntu Linux-18.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-14.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "14.04",
        "pkgs": [
          {"reference": "clamav"},
          {"reference": "clamav-base"},
          {"reference": "clamav-daemon"},
          {"reference": "clamav-dbg"},
          {"reference": "clamav-docs"},
          {"reference": "clamav-freshclam"},
          {"reference": "clamav-milter"},
          {"reference": "clamav-testfiles"},
          {"reference": "libclamav-dev"},
          {"reference": "libclamav6"}
        ]
      }
    ]
  },
  "Ubuntu Linux-16.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "16.04",
        "pkgs": [
          {"reference": "clamav"},
          {"reference": "clamav-base"},
          {"reference": "clamav-daemon"},
          {"reference": "clamav-dbg"},
          {"reference": "clamav-docs"},
          {"reference": "clamav-freshclam"},
          {"reference": "clamav-milter"},
          {"reference": "clamav-testfiles"},
          {"reference": "clamdscan"},
          {"reference": "libclamav-dev"},
          {"reference": "libclamav7"}
        ]
      }
    ]
  },
  "Ubuntu Linux-18.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "18.04",
        "pkgs": [
          {"reference": "clamav"},
          {"reference": "clamav-base"},
          {"reference": "clamav-daemon"},
          {"reference": "clamav-docs"},
          {"reference": "clamav-freshclam"},
          {"reference": "clamav-milter"},
          {"reference": "clamav-testfiles"},
          {"reference": "clamdscan"},
          {"reference": "libclamav-dev"},
          {"reference": "libclamav7"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

07 Sep 2025 00:00Current

9.2High risk

Vulners AI Score9.2

CVSS 3.19.8

EPSS0.01231

SSVC