Severity by source
CVSS Vector (Vendor: GEN, i.e. Gen Digital): CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
The file must reach a local scan path (AV:L); no authentication is needed (PR:N), but the scanner must process the file (UI:R); the engine runs privileged, so successful local code execution yields full confidentiality, integrity and availability impact (C:H/I:H/A:H).
Primary rating from Vendor (GEN).
Description (source: CVE.org)
Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.
This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.68.
Analysis (source: AI)
Local code execution and denial of service in Avira Antivirus engine builds before 8.3.70.68 allow an attacker to compromise the scanning engine by placing a malformed PDF where the engine will scan it, on Windows, macOS, or Linux. The flaw is a heap out-of-bounds read (CWE-125) triggered during PDF parsing; no public exploit was identified at the time of analysis. CVSS is 7.8 (High), driven by full C/I/A impact on the local host, but exploitation requires the user or the scanner to process the malicious file (UI:R).
Technical Context (source: AI)
The defect lives inside the Avira Antivirus scanning engine, a cross-platform on-access/scheduled scanner that automatically parses untrusted file formats (here, PDF) to detect malware. A CWE-125 out-of-bounds read in a heap region of the PDF parser means a crafted document with corrupted length fields, malformed object streams, or invalid cross-reference tables causes the parser to read past the end of an allocated buffer.

The CPE cpe:2.3:a:gen_digital:avira_antivirus:*:*:*:*:*:*:*:* identifies the vendor as Gen Digital (the post-NortonLifeLock entity that owns Avira), and the advisory's single build range covering Windows, macOS, and Linux indicates one shared engine codebase, so the parsing bug is platform-agnostic. The engine process runs with elevated privileges (SYSTEM or root) for on-access scanning, which is why the vendor rates the issue as local code execution rather than only an information leak or crash. Note that an out-of-bounds read is, on its own, a crash or disclosure primitive; the advisory does not describe how the over-read is turned into control of execution, so treat the code-execution rating as the vendor's assessment rather than a documented exploit path.
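To make the CWE-125 pattern concrete, the following C program is an added example written for this page; it is not Avira's code and does not reproduce the actual defect, whose details the advisory does not publish. It parses a single PDF stream object with a toy locator, once trusting the /Length value the file declares (the vulnerable pattern) and once checking that value against the bytes actually present (the hardened form). Both sample objects are constructed for the example; the vulnerable read is run inside a larger heap block filled with a 0xAA guard so the over-read lands in memory the program owns and the demonstration stays well-defined.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample objects (made up for this example, not taken from any
 * real document). GOOD_OBJ declares the true length of its data; BAD_OBJ
 * declares 40 bytes although only 29 bytes follow the "stream" keyword. */
static const char GOOD_OBJ[] =
    "1 0 obj\n<< /Length 11 >>\nstream\nHello World\nendstream\nendobj\n";
static const char BAD_OBJ[] =
    "1 0 obj\n<< /Length 40 >>\nstream\nHello World\nendstream\nendobj\n";

typedef struct {
    size_t data_off;     /* offset of the first byte after "stream" + EOL */
    long   declared_len; /* value of /Length as written in the file */
} pdf_stream_t;

/* Toy locator for one stream object: finds /Length and the stream keyword.
 * Returns 0 on success, -1 if either is missing or /Length is negative. */
static int locate_stream(const char *obj, size_t len, pdf_stream_t *st)
{
    char *s = malloc(len + 1);               /* NUL-terminated copy for strstr */
    if (!s) return -1;
    memcpy(s, obj, len);
    s[len] = '\0';

    const char *lenkw = strstr(s, "/Length");
    const char *strkw = strstr(s, "stream");
    if (!lenkw || !strkw) { free(s); return -1; }

    st->declared_len = strtol(lenkw + strlen("/Length"), NULL, 10);
    size_t off = (size_t)(strkw - s) + strlen("stream");
    if (off < len && s[off] == '\r') off++;  /* PDF allows CRLF or LF here */
    if (off < len && s[off] == '\n') off++;
    st->data_off = off;
    free(s);
    return st->declared_len < 0 ? -1 : 0;
}

/* VULNERABLE pattern (CWE-125): the loop bound is the file's own /Length,
 * never compared with the buffer size, so a too-large claim reads past the
 * end of the allocation. Returns the byte sum, or -1 if not a stream. */
static long sum_trusting_length(const char *obj, size_t len)
{
    pdf_stream_t st;
    if (locate_stream(obj, len, &st) < 0) return -1;
    unsigned long acc = 0;
    for (long i = 0; i < st.declared_len; i++)
        acc += (unsigned char)obj[st.data_off + (size_t)i];  /* no bound check */
    return (long)acc;
}

/* HARDENED: reject any /Length larger than the data the buffer really holds.
 * Returns the byte sum, -1 if not a stream, -2 if /Length overruns the file. */
static long sum_checked(const char *obj, size_t len)
{
    pdf_stream_t st;
    if (locate_stream(obj, len, &st) < 0) return -1;
    if ((size_t)st.declared_len > len - st.data_off) return -2;
    unsigned long acc = 0;
    for (size_t i = 0; i < (size_t)st.declared_len; i++)
        acc += (unsigned char)obj[st.data_off + i];
    return (long)acc;
}

/* Runs the vulnerable reader on BAD_OBJ placed at the start of a larger heap
 * block whose tail is filled with 0xAA. The over-read therefore lands in
 * memory this program owns (no undefined behaviour), and the number of guard
 * bytes folded into the sum shows how far past the file the parser went. */
static long guard_bytes_leaked(void)
{
    const size_t len = sizeof BAD_OBJ - 1, guard = 64;
    char *heap = malloc(len + guard);
    if (!heap) return -1;
    memcpy(heap, BAD_OBJ, len);
    memset(heap + len, 0xAA, guard);

    long tainted = sum_trusting_length(heap, len);
    pdf_stream_t st;
    if (tainted < 0 || locate_stream(heap, len, &st) < 0) { free(heap); return -1; }

    long legit = 0;                          /* sum of bytes the file really has */
    for (size_t i = st.data_off; i < len; i++) legit += (unsigned char)heap[i];
    free(heap);
    return (tainted - legit) / 0xAA;         /* every guard byte contributed 0xAA */
}

int main(void)
{
    printf("good object, checked : %ld\n", sum_checked(GOOD_OBJ, sizeof GOOD_OBJ - 1));
    printf("bad object, checked  : %ld (-2 = /Length overruns file)\n",
           sum_checked(BAD_OBJ, sizeof BAD_OBJ - 1));
    printf("bad object, trusting : read %ld bytes past the file\n", guard_bytes_leaked());
    return 0;
}
```

The hardened version rejects the malformed object outright; the trusting version happily folds 11 bytes of memory beyond the file into its result. In a real engine those bytes would be whatever neighbouring heap allocation follows the document buffer, which is the disclosure or crash primitive the advisory describes.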
Remediation (source: AI)
Update the Avira Antivirus scanning engine to build 8.3.70.68 or later, the fix line the vendor identifies; the patch is available per the vendor advisory at https://www.gendigital.com/us/en/contact-us/security-advisories/. Engine updates are normally delivered automatically through Avira's update channel, so verify that auto-update is enabled and force a manual definition/engine update; on managed endpoints, confirm that the engine build (not just the product version) reports 8.3.70.68 or higher. Other recent advisories for the same engine cite later fix builds (8.3.70.76, 8.3.70.104), so target the current engine release rather than 8.3.70.68 exactly. If patching is delayed, compensating controls include disabling on-access scanning of PDFs (trade-off: loses detection coverage for the most common phishing payload), routing inbound PDFs through a separate sandbox or upstream gateway scanner instead of Avira, and restricting which users can drop files into directories the on-access scanner monitors. None of these substitutes for the engine update, and each materially weakens AV coverage while in place.
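The build check above is easy to get wrong when inventory tooling compares version strings lexicographically. The following C program is an added example for this page, not Avira tooling: it compares dotted build numbers component-wise against the 8.3.70.68 fix build and shows the string-comparison pitfall on a constructed set of reported builds. How the reported build is read from an endpoint depends on the deployment tooling and is not shown here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* First fixed engine build named in the advisory. */
#define FIXED_BUILD "8.3.70.68"

/* Read one dotted component from *p and advance past the following '.'.
 * A missing component counts as 0 (so "8.3.70" == "8.3.70.0"); a
 * non-numeric component stops parsing and sorts below any number. */
static long next_component(const char **p)
{
    if (**p == '\0') return 0;
    char *end;
    long v = strtol(*p, &end, 10);
    if (end == *p) {                     /* no digits here: malformed */
        *p += strlen(*p);
        return -1;
    }
    *p = (*end == '.') ? end + 1 : end;
    return v;
}

/* Numeric, component-wise comparison: <0, 0, >0 like strcmp. */
static int cmp_build(const char *a, const char *b)
{
    while (*a || *b) {
        long x = next_component(&a);
        long y = next_component(&b);
        if (x != y) return x < y ? -1 : 1;
    }
    return 0;
}

/* 1 if the build an endpoint reports already contains the fix, else 0. */
static int engine_is_fixed(const char *reported_build)
{
    return cmp_build(reported_build, FIXED_BUILD) >= 0;
}

/* Plain strcmp compares character by character, so "8.3.70.104" sorts
 * before "8.3.70.68" ('1' < '6') and a fixed engine would be flagged as
 * vulnerable. Returns 1 to show the naive check gets this case wrong. */
static int strcmp_misorders_builds(void)
{
    return strcmp("8.3.70.104", FIXED_BUILD) < 0;
}

int main(void)
{
    /* Constructed sample of builds an inventory might report. */
    const char *reported[] = { "8.3.70.56", "8.3.70.68", "8.3.70.104", "8.3.69.999" };
    for (size_t i = 0; i < sizeof reported / sizeof reported[0]; i++)
        printf("%-12s %s\n", reported[i],
               engine_is_fixed(reported[i]) ? "fixed" : "NEEDS UPDATE");
    printf("strcmp misorders 8.3.70.104 vs %s: %s\n", FIXED_BUILD,
           strcmp_misorders_builds() ? "yes" : "no");
    return 0;
}
```

Use the numeric comparison when the inventory system exposes the engine build as a string; a lexicographic compare would mark a fully patched 8.3.70.104 engine as vulnerable and a 8.3.7.x engine as fixed.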
More from same product – last 7 days
Out-of-bounds heap read in the Avira Antivirus scanning engine, triggered when the engine parses a malformed PDF
Local code execution or denial of service in Avira Antivirus engine builds prior to 8.3.70.56
Local code execution in Avira Antivirus engine builds before 8.3.70.104 on Windows, macOS, and Linux
Heap out-of-bounds read in the Avira Antivirus scanning engine on Windows, macOS, and Linux
Local code execution in Avira Antivirus engine builds before 8.3.70.76 on Windows, macOS, and Linux
External POC / Exploit Code
EUVD-2025-210122
GHSA-xhrh-vvgh-pgxr