Critical ClamAV Vulnerability Exposed: Cisco Races to Patch DoS Exploit

Cisco Patches Critical ClamAV Vulnerability with Available Exploit Code

Cisco has issued critical security updates to address a significant vulnerability in ClamAV antivirus software (CVE-2025-20128). The flaw, stemming from a heap-based buffer overflow in the OLE2 decryption routine, enables remote attackers to cause denial-of-service (DoS) conditions without authentication.

The vulnerability affects Cisco’s Secure Endpoint Connector software on Linux, Mac, and Windows. By submitting a specially crafted file containing malicious OLE2 content, an attacker can crash the ClamAV scanning process and disrupt antivirus operations. Cisco confirms that the impact is limited to the scanning process and that overall system stability remains unaffected.

Although proof-of-concept exploit code is publicly available, Cisco’s Product Security Incident Response Team (PSIRT) reports no active exploitation in the wild. In the same release, the company patched additional security issues, including:

– A DoS vulnerability in Cisco BroadWorks (CVE-2025-20165)
– A critical privilege escalation flaw in Cisco Meeting Management REST API (CVE-2025-20156)

This update follows recent security patches for other significant vulnerabilities, including a DoS issue in Cisco ASA and Firepower Threat Defense software, and a critical flaw in Ultra-Reliable Wireless Backhaul industrial access points.

Organizations using affected Cisco products are urged to apply the security updates promptly to mitigate potential risks.