Severity by source
Primary rating from Vendor (GEN)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AV:L reflects that the malicious PDF must reside on the local filesystem before it is scanned; PR:N because no account privileges are needed to introduce a file that gets scanned; UI:R because a user action (downloading, saving or opening the file) is needed to put it in front of the scanner; A:H because the antivirus process crashes outright; no confidentiality or integrity impact.
Description (CVE.org)
Stack overflow vulnerability due to uncontrolled recursion in Avast Antivirus when scanning a malformed PDF file may allow Denial-of-Service of the antivirus process.
This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds before VPS 25021208.
The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. The same stream feeds the consumer antivirus products listed in this advisory and other Gen Digital products that embed the same engine. Mitigation flows through this update channel; installations at or above the listed build are not vulnerable regardless of which product consumes the stream.
Analysis (AI)
Stack overflow via uncontrolled recursion crashes the antivirus scanning process across all Gen Digital consumer and business products when a crafted malformed PDF is scanned. Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux are all affected through a shared Gen Digital virus definition engine (VPS builds before 25021208). An attacker who can place a specially crafted PDF on a target system - or deliver it via email or download - can force a denial-of-service of the antivirus process; no public exploit has been identified at time of analysis.
Technical Context (AI)
The root cause is CWE-674 (Uncontrolled Recursion): a parser that descends into nested or self-referential structures without bounding its recursion depth. PDF invites this because its object syntax nests without limit (arrays inside dictionaries inside arrays), indirect object references can form cycles, and several document structures are trees or graphs that are naturally walked recursively (the /Pages tree and its /Kids, outline hierarchies, Form XObjects that invoke other XObjects). A malformed file can encode pathologically deep nesting or a reference cycle so that every level consumes another stack frame until the scanning thread's stack is exhausted, which crashes the antivirus process. The affected logic resides in the shared Gen Digital virus definition stream rather than in the base antivirus engine binary, so the same vulnerable scanning code reaches all five identified CPE targets via VPS update: cpe:2.3:a:gen_digital:avast_antivirus, cpe:2.3:a:gen_digital:avg_antivirus, cpe:2.3:a:gen_digital:norton_antivirus, cpe:2.3:a:gen_digital:avast_one, and cpe:2.3:a:gen_digital:avast_business_antivirus, across Windows, macOS, and Linux. This shared-engine architecture is also why a single definition update resolves the vulnerability across all affected product lines simultaneously.
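To make the CWE-674 pattern concrete, here is an added example that is not Gen Digital's code and not the real VPS parser: a toy PDF object parser in Python. parse_unbounded() recurses once per nested container with no depth check, so the file dictates stack usage; parse_bounded() enforces an assumed budget (MAX_DEPTH, chosen here as 64) and fails with a controlled error instead. The hostile input (a run of opening brackets with nothing inside) and the benign page-tree dictionary are constructed for this example; names such as PDFParseError, accepts() and demo() are this example's own.

```python
# Added example, not Gen Digital's code or the real VPS parser: a toy PDF
# object parser that shows the CWE-674 pattern described above.
# parse_unbounded() lets the file dictate recursion depth; parse_bounded()
# enforces an assumed budget MAX_DEPTH. All inputs below are constructed here.
import re
import sys

MAX_DEPTH = 64  # assumed budget; real parsers pick something well below the stack limit

# Tokens: dict delimiters, array delimiters, names, numbers, bare keywords.
_TOKEN = re.compile(r'<<|>>|\[|\]|/[^\s/\[\]<>()]*|-?\d+(?:\.\d+)?|[^\s\[\]<>/]+')


class PDFParseError(Exception):
    """Controlled rejection of a malformed object (the safe failure mode)."""


def tokenize(data: str) -> list:
    return _TOKEN.findall(data)


def _parse(tokens, pos, depth, limit):
    """Parse one object at tokens[pos]; recurses once per nested container.
    Returns (object, position after the object)."""
    if limit is not None and depth >= limit:
        raise PDFParseError(f"nesting deeper than {limit} levels")
    if pos >= len(tokens):
        raise PDFParseError("unexpected end of input")
    tok = tokens[pos]
    if tok == '[':
        items, pos = [], pos + 1
        while True:
            if pos >= len(tokens):
                raise PDFParseError("unterminated array")
            if tokens[pos] == ']':
                return items, pos + 1
            item, pos = _parse(tokens, pos, depth + 1, limit)  # recursion
            items.append(item)
    if tok == '<<':
        entries, pos = {}, pos + 1
        while True:
            if pos >= len(tokens):
                raise PDFParseError("unterminated dictionary")
            if tokens[pos] == '>>':
                return entries, pos + 1
            key = tokens[pos]
            if not key.startswith('/'):
                raise PDFParseError(f"dictionary key must be a name, got {key!r}")
            entries[key], pos = _parse(tokens, pos + 1, depth + 1, limit)  # recursion
    if tok in (']', '>>'):
        raise PDFParseError(f"unexpected {tok!r}")
    if tok.startswith('/'):
        return tok, pos + 1  # name object
    try:
        return (float(tok) if '.' in tok else int(tok)), pos + 1
    except ValueError:
        return tok, pos + 1  # keyword such as R, true, null


def parse_unbounded(data: str):
    """Vulnerable shape: no depth check, so the file controls stack usage."""
    return _parse(tokenize(data), 0, 0, None)[0]


def parse_bounded(data: str, limit: int = MAX_DEPTH):
    """Hardened shape: at most `limit` nested containers, then a clean error."""
    return _parse(tokenize(data), 0, 0, limit)[0]


def accepts(data: str, limit: int = MAX_DEPTH) -> bool:
    """True if the bounded parser accepts the object, False if it rejects it."""
    try:
        parse_bounded(data, limit)
        return True
    except PDFParseError:
        return False


def nested_array(depth: int) -> str:
    """Constructed hostile input: `depth` opening brackets, nothing inside."""
    return '[' * depth + ']' * depth


def demo(depth: int = 0) -> dict:
    """Run both parsers on the hostile input; returns what happened to each."""
    doc = nested_array(depth or sys.getrecursionlimit() * 5)
    outcome = {}
    try:
        parse_unbounded(doc)
        outcome['unbounded'] = 'parsed'
    except RecursionError:
        # In a native scanner this is a stack overflow and a dead process;
        # CPython turns the same unbounded descent into an exception.
        outcome['unbounded'] = 'stack exhausted'
    outcome['bounded'] = 'parsed' if accepts(doc) else 'rejected'
    return outcome


if __name__ == '__main__':
    print(parse_bounded('<< /Type /Pages /Kids [ 1 0 R ] /Count 1 >>'))
    print(demo())
```

The only difference between the two shapes is the depth check at the top of _parse(); everything else is identical. That is also the point for a code reviewer: recursion over attacker-controlled structure is acceptable only when each frame carries a counter and the counter has a ceiling, and the ceiling must be chosen with the smallest thread stack the scanner runs on in mind, not the developer's desktop.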
Remediation (AI)
The primary fix is delivered through the Gen Digital virus definition (VPS) update stream - installations at or above build VPS 25021208 are not vulnerable regardless of the base product version or platform. Administrators should verify that auto-update of virus definitions is enabled and confirm the installed VPS build number meets or exceeds 25021208 through the product console or management dashboard. For managed enterprise deployments using Avast Business Antivirus, ensure the definition update policy is not paused or bandwidth-throttled in a way that delays receipt of the remediated definitions. As a compensating control where immediate update is not possible, temporarily disabling on-access PDF scanning or restricting the scanning engine from processing PDF files can prevent exploitation, though this reduces detection capability for PDF-embedded malware and should be treated as a short-term measure only. Consult the Gen Digital advisory at https://www.gendigital.com/us/en/contact-us/security-advisories/ for official confirmation of build thresholds.
External POC / Exploit Code
EUVD-2025-210129
GHSA-vf74-69rc-vmq4