Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
A local file must be scanned (AV:L, UI:R) and no authentication is needed (PR:N); the OOB read reliably crashes the AV process (A:H), while RCE or an info-leak from a read primitive is uncertain, so C:L/I:L rather than H.
Primary rating from Vendor (GEN).
CVSS Vector (Vendor: GEN)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description (CVE.org)
Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file with .NET metadata may allow Local Execution of Code or Denial-of-Service of the antivirus process.
This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds before VPS 25021310.
The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. The same stream feeds the consumer antivirus products listed in this advisory and other Gen Digital products that embed the same engine. Mitigation flows through this update channel; installations at or above the listed build are not vulnerable regardless of which product consumes the stream.
Analysis (AI)
An out-of-bounds heap read in the Gen Digital antivirus scanning engine (Avast, AVG, Norton, Avast One, Avast Business) allows a malformed Windows PE file with crafted .NET metadata to crash the AV process or potentially execute code locally on Windows, macOS, and Linux endpoints running virus definitions prior to VPS 25021310. No public exploit was identified at the time of analysis, and the issue is not on the CISA KEV list; the bug is nonetheless reachable via on-access scanning, so any user who receives a malicious file may trigger it without explicit action. UI:R in the CVSS vector and the local attack vector temper the urgency relative to the 7.8 base score.
Technical Context (AI)
The flaw is a CWE-125 out-of-bounds read in the PE/.NET parser embedded in the shared Gen Digital virus definition update stream, the same engine code path consumed by Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus, as confirmed by the five gen_digital CPEs in NVD. PE files carry an optional COM/CLR header pointing at .NET metadata tables (#~, #Strings, #US, #GUID, #Blob); insufficient bounds checking when walking these structures lets a crafted file steer the scanner into reading past the allocated heap buffer. Because AV engines auto-scan files written to disk or arriving via email or the web, the parser sits behind a privileged, always-on attack surface running with elevated rights on every supported OS.
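The containment check that the paragraph above describes as missing, shown as an added defensive example rather than code from Gen Digital or this advisory: a walker over the .NET metadata root's stream headers (layout per ECMA-335 II.24.2.1) that validates every field, Offset/Size pair and stream name against the buffer length before touching it. The sample bytes are constructed here; the function and array names are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Read an n-byte little-endian field only if it lies fully inside the buffer. */
static int rd(const uint8_t *b, size_t len, size_t off, size_t n, uint32_t *out) {
    if (off > len || len - off < n) return 0;
    *out = 0;
    for (size_t i = 0; i < n; i++) *out |= (uint32_t)b[off + i] << (8 * i);
    return 1;
}

/* Walk a .NET metadata root (ECMA-335 II.24.2.1). Returns the stream count when every
 * stream header's [Offset, Offset+Size) fits inside the buffer, or -1 when any field
 * or name would be read out of bounds. No read happens before its bounds check. */
int count_metadata_streams(const uint8_t *buf, size_t len) {
    uint32_t sig, vlen, nstreams, off, size;
    if (!rd(buf, len, 0, 4, &sig) || sig != 0x424A5342u) return -1;   /* "BSJB" */
    if (!rd(buf, len, 12, 4, &vlen) || vlen > len - 16) return -1;    /* version string fits */
    size_t pos = 16 + vlen;                                            /* Flags u16, Streams u16 */
    if (!rd(buf, len, pos + 2, 2, &nstreams)) return -1;
    pos += 4;
    for (uint32_t i = 0; i < nstreams; i++) {
        if (!rd(buf, len, pos, 4, &off) || !rd(buf, len, pos + 4, 4, &size)) return -1;
        /* Overflow-safe containment check: the kind of check a CWE-125 parser lacks. */
        if (size > len || off > len - size) return -1;
        /* Name is NUL-terminated and padded to 4 bytes; never scan past the buffer end. */
        const uint8_t *nul = memchr(buf + pos + 8, 0, len - (pos + 8));
        if (!nul) return -1;
        pos += 8 + (((size_t)(nul - (buf + pos + 8)) + 1 + 3) & ~(size_t)3);
    }
    return (int)nstreams;
}

/* Constructed sample: a well-formed root with two streams, #~ and #Strings. */
const uint8_t META_GOOD[88] = {
    'B','S','J','B', 1,0, 1,0, 0,0,0,0, 12,0,0,0,     /* signature, version, reserved, Length */
    'v','4','.','0','.','3','0','3','1','9',0,0,        /* version string padded to 12 bytes */
    0,0, 2,0,                                           /* Flags, Streams = 2 */
    0x40,0,0,0, 0x10,0,0,0, '#','~',0,0,                /* #~ at 0x40, 16 bytes */
    0x50,0,0,0, 0x08,0,0,0, '#','S','t','r','i','n','g','s',0,0,0,0 /* #Strings at 0x50, 8 bytes */
};
/* Same root, but the #Strings header claims an offset far past the end of the blob. */
int demo_bad_offset(void) {
    uint8_t bad[sizeof META_GOOD];
    memcpy(bad, META_GOOD, sizeof bad);
    bad[44] = 0xF0; bad[45] = bad[46] = bad[47] = 0xFF;   /* Offset = 0xFFFFFFF0 */
    return count_metadata_streams(bad, sizeof bad);
}
```

Passing a shorter `len` than the real blob (a truncated file) is rejected the same way, since every field read is checked against `len` rather than trusting the header's own counts.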
Remediation (AI)
A fix is available per the vendor advisory: ensure each affected installation has pulled VPS definition build 25021310 or later via the standard Gen Digital virus definition update channel, which is shared across Avast, AVG, Norton, Avast One, and Avast Business Antivirus. No installer upgrade is required, because the mitigation ships through definitions rather than the product binary. Verify on endpoints by checking the VPS/definitions build number in the product UI or via management console reporting, and force an update on any host whose auto-update is disabled or stale. If updates cannot be applied immediately, the only meaningful compensating control is to disable on-access (real-time) scanning of untrusted file sources such as email attachments and downloads, so the parser never touches attacker-supplied PE files. This materially reduces malware detection coverage and should be a short-window measure only, not a long-term workaround; do not rely on file-extension or MIME filtering, since PE parsing is triggered by content. Confirm advisory details at https://www.gendigital.com/us/en/contact-us/security-advisories/.
External POC / Exploit Code
EUVD-2025-210127
GHSA-9p39-jvf2-cmhf