
Avast Antivirus CVE-2025-7004

EUVD-2025-210124 | HIGH
Out-of-bounds Write (CWE-787)
2026-06-12 · Vendor: GEN · GHSA-c5xp-jrpg-96g4
CVSS 3.1 score: 7.8 · Vendor: GEN

Severity by source

Vendor (GEN) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vuln.today AI
7.8 HIGH

Local because the malformed PE must reach the endpoint; UI:R as a file must be presented for scanning; PR:N since the scanner auto-parses; full CIA impact at AV process privilege.

CVSS 3.1: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 4.0: AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (GEN).

CVSS Vector (Vendor: GEN)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Patch available: Jun 13, 2026 - 02:00 (EUVD)
Analysis Generated: Jun 12, 2026 - 22:38 (vuln.today)
CVE Published: Jun 12, 2026 - 22:04 (cve.org)

Description (CVE.org)

Heap buffer out-of-bounds write vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus process.

This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds before VPS 25040308.

The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. The same stream feeds the consumer antivirus products listed in this advisory and other Gen Digital products that embed the same engine. Mitigation flows through this update channel; installations at or above the listed build are not vulnerable regardless of which product consumes the stream.

Analysis (AI)

Heap out-of-bounds write in Gen Digital's shared antivirus scanning engine allows local code execution or denial of service when the engine parses a malformed Windows PE file, affecting Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus across Windows, macOS, and Linux on virus definition builds prior to VPS 25040308. Because the flaw lives in the scanner, which typically runs with elevated privileges, successful exploitation can escalate to code execution in a high-privilege security context. No public exploit was identified at the time of analysis, and the issue is not listed in CISA KEV.

Technical Context (AI)

The root cause is CWE-787 (out-of-bounds write) on the heap inside the PE (Portable Executable) file parser used by the Gen Digital antivirus engine. PE is Microsoft's executable container format whose headers (DOS stub, NT headers, section tables, data directories) drive size and offset calculations during parsing; a malformed field can trick the parser into computing a destination buffer that is too small or a write length that is too large, corrupting adjacent heap structures. The vulnerable parser is delivered as part of the shared virus definition update stream (VPS), so a single engine bug propagates simultaneously to every Gen Digital consumer product that embeds it - Avast, AVG, Norton, Avast One, and Avast Business - across Windows, macOS, and Linux as indicated by the listed CPEs (gen_digital:avast_antivirus, avg_antivirus, norton_antivirus, avast_one, avast_business_antivirus).
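The following is an added illustration, not code from the Gen Digital engine or from this advisory: a bounds-checked walk over the PE section table, the class of check whose absence lets an oversized or wrapped size field drive a heap write past its buffer. The PE field offsets (e_lfanew, NumberOfSections, SizeOfOptionalHeader, SizeOfRawData, PointerToRawData) are the real format; the sample images and the `build_sample`/`check_sample` helpers are constructed for this example.

```c
#include <stdint.h>
#include <string.h>

#define SECT_HDR_SIZE 40u
#define MAX_SECTIONS  96u   /* the Windows loader rejects images with more */

static uint32_t rd16(const uint8_t *p) { return (uint32_t)p[0] | (uint32_t)p[1] << 8; }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | rd16(p + 2) << 16; }

/* Returns 1 when the section table and every section's raw data range lie inside
 * the file, 0 otherwise. Sums are 64-bit so oversized fields cannot wrap around. */
int pe_sections_valid(const uint8_t *buf, size_t len) {
    if (len < 0x40) return 0;
    uint64_t pe = rd32(buf + 0x3c);                      /* e_lfanew */
    if (pe + 24 > len || memcmp(buf + pe, "PE\0\0", 4) != 0) return 0;
    uint32_t nsect = rd16(buf + pe + 6);                 /* NumberOfSections */
    uint32_t opt   = rd16(buf + pe + 20);                /* SizeOfOptionalHeader */
    if (nsect == 0 || nsect > MAX_SECTIONS) return 0;
    uint64_t sect = pe + 24 + opt;                       /* section table start */
    if (sect + (uint64_t)nsect * SECT_HDR_SIZE > len) return 0;
    for (uint32_t i = 0; i < nsect; i++) {
        const uint8_t *h = buf + sect + (uint64_t)i * SECT_HDR_SIZE;
        uint64_t raw_size = rd32(h + 16);                /* SizeOfRawData */
        uint64_t raw_ptr  = rd32(h + 20);                /* PointerToRawData */
        if (raw_ptr + raw_size > len) return 0;          /* data would overrun file */
    }
    return 1;
}

/* Constructed minimal image (not a real binary): DOS stub, PE signature, empty
 * optional header, one section with caller-chosen SizeOfRawData, 16 data bytes. */
size_t build_sample(uint8_t *out, uint32_t raw_size) {
    const size_t hdr_end = 0x40 + 24 + SECT_HDR_SIZE;    /* 128 bytes of headers */
    memset(out, 0, hdr_end + 16);
    out[0] = 'M'; out[1] = 'Z'; out[0x3c] = 0x40;        /* e_lfanew = 0x40 */
    memcpy(out + 0x40, "PE\0\0", 4);
    out[0x40 + 6] = 1;                                   /* NumberOfSections = 1 */
    uint8_t *h = out + 0x40 + 24;
    memcpy(h, ".text", 5);
    for (int i = 0; i < 4; i++) h[16 + i] = (uint8_t)(raw_size >> (8 * i));
    h[20] = (uint8_t)hdr_end;                            /* PointerToRawData = 128 */
    return hdr_end + 16;
}

/* Builds and validates one sample. SizeOfRawData = 0xFFFFFFF0 wraps to 0x70 in
 * 32-bit arithmetic and would pass a naive "ptr + size <= len" check. */
int check_sample(uint32_t raw_size) {
    uint8_t img[160];
    return pe_sections_valid(img, build_sample(img, raw_size));
}
```

A scanner that copies `SizeOfRawData` bytes from `PointerToRawData` after only a 32-bit check accepts the wrapped value and writes far beyond the allocated section buffer; the 64-bit comparison rejects it before any copy happens.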

Remediation (AI)

Vendor-released patch: virus definition build VPS 25040308 or later, delivered automatically through the Gen Digital VPS update stream - confirm that auto-update is enabled and that endpoints have actually pulled a definition build at or above VPS 25040308 (the engine version, not the product installer version, is what matters). Because mitigation flows through the definition channel rather than a product upgrade, no traditional installer rollout is required; fleet operators should query their management console for the current VPS build on each endpoint and force an update on stragglers. Until every endpoint reports VPS 25040308+, compensating controls are limited because disabling on-access scanning would defeat the purpose of the AV product, but high-risk hosts can be temporarily configured to exclude untrusted directories from real-time PE scanning (trade-off: malicious binaries dropped there will not be caught) or to route untrusted files through a sandboxed analysis pipeline before they touch the endpoint. Reference: https://www.gendigital.com/us/en/contact-us/security-advisories/.
