Cisco warns of a ClamAV bug with PoC exploit

Cisco released security updates for a ClamAV denial-of-service (DoS) vulnerability, CVE-2025-20128, which allows remote attackers to crash scans and cause a DoS condition. The vulnerability, discovered by Google OSS-Fuzz, impacts Linux, Mac, and Windows systems and is rated Medium-impact. This is the second ClamAV vulnerability fixed by Cisco this year, following a critical flaw in February.