Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
File must reach local disk (AV:L) and be scanned (UI:R); no auth needed (PR:N); engine runs at high privilege so successful exploitation yields full C/I/A impact.
Primary rating from Vendor (GEN).
CVSS Vector (Vendor: GEN)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description (CVE.org)
Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.
This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.98.
Analysis (AI)
Heap out-of-bounds read in the Avira Antivirus scanning engine on Windows, macOS, and Linux (engine builds before 8.3.70.98) allows a malformed Windows PE file to trigger local code execution or crash the antivirus engine process. Because AV engines typically auto-scan files on access, simply writing or dropping a crafted PE onto disk can reach the vulnerable parser. No public exploit was identified at the time of analysis. Exploitation requires the victim's AV to scan the file (UI:R), so realistic delivery is via downloads, email attachments, or removable media rather than fully remote unauthenticated execution.
Technical Context (AI)
The vulnerability is a CWE-125 out-of-bounds read in the heap, occurring inside Avira's PE (Portable Executable) file parser within the antimalware scanning engine. PE parsers must validate numerous size, offset, and section header fields embedded in the Windows executable format; a malformed value (e.g., truncated headers, oversized section counts, or out-of-range RVAs) can cause the parser to read past an allocated heap buffer. Per the CPE (cpe:2.3:a:gen_digital:avira_antivirus), the affected component is the Gen Digital-maintained Avira engine shared across Windows, macOS, and Linux endpoint products, meaning the same parser code path is reachable on all three platforms despite PE being a Windows-native format. AV engines parse PE on every OS to detect Windows malware on file shares, mail gateways, and cross-platform scans.
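The class of check described above, as an added example (not Avira's code; the page does not say which field the engine mishandled): a PE header walk that bounds-checks every offset and size against the buffer before reading. The function names and the constructed sample image are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Little-endian reads; callers bounds-check the range first. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* True if [off, off+len) lies inside n bytes; written so the sum cannot wrap. */
static int in_bounds(size_t n, size_t off, size_t len) { return off <= n && len <= n - off; }

/* Returns the section count if every header field stays inside buf, else -1. */
int pe_count_valid_sections(const uint8_t *buf, size_t n) {
    if (!in_bounds(n, 0, 0x40) || buf[0] != 'M' || buf[1] != 'Z') return -1;
    size_t pe = rd32(buf + 0x3c);                          /* e_lfanew */
    if (!in_bounds(n, pe, 24) || memcmp(buf + pe, "PE\0\0", 4) != 0) return -1;
    size_t nsec  = rd16(buf + pe + 6);                     /* NumberOfSections */
    size_t optsz = rd16(buf + pe + 20);                    /* SizeOfOptionalHeader */
    if (!in_bounds(n, pe + 24, optsz)) return -1;
    size_t tbl = pe + 24 + optsz;                          /* section table start */
    for (size_t i = 0; i < nsec; i++) {
        size_t hdr = tbl + i * 40;                         /* 40-byte section header */
        if (!in_bounds(n, hdr, 40)) return -1;
        size_t rawsz = rd32(buf + hdr + 16), rawptr = rd32(buf + hdr + 20);
        if (rawsz != 0 && !in_bounds(n, rawptr, rawsz)) return -1;
    }
    return (int)nsec;
}

/* Constructed sample (not a real binary): 0x200-byte image, first section header
   has PointerToRawData = 0x100; nsec and rawsz are the fields under test. */
size_t build_sample(uint8_t *b, size_t cap, uint16_t nsec, uint32_t rawsz) {
    const size_t n = 0x200, pe = 0x40, sh = pe + 24;       /* no optional header */
    if (cap < n) return 0;
    memset(b, 0, n);
    b[0] = 'M'; b[1] = 'Z'; b[0x3c] = (uint8_t)pe;
    memcpy(b + pe, "PE\0\0", 4);
    b[pe + 6] = (uint8_t)nsec; b[pe + 7] = (uint8_t)(nsec >> 8);
    for (int k = 0; k < 4; k++) b[sh + 16 + k] = (uint8_t)(rawsz >> (8 * k));
    b[sh + 21] = 0x01;                                     /* PointerToRawData = 0x100 */
    return n;
}
```

The three rejected shapes match the ones named in the paragraph: a truncated header, a section count larger than the file can hold, and a raw-data range that runs past the end of the buffer.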
Remediation (AI)
Vendor-released patch: Avira Antivirus engine 8.3.70.98 or later. Update the scanning engine on all Windows, macOS, and Linux endpoints to this build or newer, consulting the advisory at https://www.gendigital.com/us/en/contact-us/security-advisories/. Engine updates are normally delivered automatically through the Avira update channel, so verify that auto-update is enabled and that endpoints have successfully received the new engine version (administrators in managed deployments should confirm via their console). As a temporary compensating control where the engine cannot be updated immediately, restrict ingestion of untrusted PE files (block executable attachments at the mail gateway, disallow .exe/.dll uploads to file shares scanned by Avira), accepting that this reduces normal workflow for software installers; disabling on-access scanning is not recommended because it removes the AV's core protective function.
EUVD-2025-210134
GHSA-xwvr-mg4x-vxqq