
Avast Antivirus EUVD-2025-210130 | CVE-2025-7011 HIGH
Out-of-bounds Read (CWE-125)
2026-06-12 · GEN · GHSA-j95q-6549-w3j4
CVSS 3.1 score 7.8 · Vendor: GEN

Severity by source

Vendor (GEN) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vuln.today AI
7.8 HIGH

The malformed file must reach the local scanner (AV:L, UI:R); no authentication is needed (PR:N); the antivirus process typically runs with high privileges, so successful code execution in its context yields high confidentiality, integrity and availability impact.

CVSS 3.1: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 4.0: AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (GEN).

CVSS Vector (Vendor: GEN)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Patch available: Jun 13, 2026 - 02:00 (EUVD)
Analysis Generated: Jun 12, 2026 - 22:40 (vuln.today)
CVE Published: Jun 12, 2026 - 22:12 (cve.org)

Description (CVE.org)

Heap out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed zip file containing XML may allow Local Execution of Code or Denial-of-Service of the antivirus process.

This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds from 25020100 before 25021208.

The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. The same stream feeds the consumer antivirus products listed in this advisory and other Gen Digital products that embed the same engine. Mitigation flows through this update channel; installations at or above the listed build are not vulnerable regardless of which product consumes the stream.

Analysis (AI)

Local code execution and denial of service in Gen Digital antivirus engines (Avast, AVG, Norton, Avast One, Avast Business Antivirus) on Windows, macOS and Linux stem from a heap out-of-bounds read in the malformed-ZIP/XML scanning path, affecting virus definition builds 25020100 through 25021207. An attacker who gets a crafted archive in front of the on-access scanner (UI:R, for example by luring a user into opening or saving it) can crash the antivirus process or potentially execute code in its context. No public exploit was identified at the time of analysis, and no EPSS score was available.

Technical Context (AI)

The defect is a CWE-125 out-of-bounds read on the heap inside the archive-scanning component shared by Gen Digital's consumer and business antivirus engines. The vulnerable code path is triggered when the scanner unpacks a ZIP file and parses XML content within it, which suggests a length or bounds miscalculation while traversing structured records in the embedded document; the advisory does not say which field or record type is involved. Because the affected logic ships through the centralized Gen Digital virus definition update stream rather than the product installer, every product that consumes the stream (Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One and Avast Business Antivirus, per the CPE list) is uniformly affected and uniformly fixed when the definition build advances.
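The bounds-miscalculation pattern described above, as an added illustration that is not Gen Digital's code and makes no claim about where the real defect lies: a minimal ZIP local-file-header walker in its trusting form beside a bounds-checked form. The archive bytes are constructed for this example; the hardened walker rejects an entry whose name-length field exceeds the buffer, while the trusting walker hands the XML consumer an offset far past the end of the allocation, which is exactly the CWE-125 condition.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the CWE-125 pattern (trusted length fields while
 * walking structured records). Not Gen Digital's scanner code. */

#define ZIP_LFH_SIG  0x04034b50u
#define ZIP_LFH_SIZE 30u              /* fixed part of a ZIP local file header */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Where one entry's name and payload sit inside the archive buffer. Offsets rather than
 * pointers, so the unsafe variant can be exercised without touching out-of-bounds memory. */
struct zip_entry { size_t name_off, name_len, data_off, data_len; };

/* VULNERABLE: trusts the header's length fields and never consults the buffer size.
 * A malformed entry yields data_off/data_len beyond `len`; an XML parser that then
 * reads buf[data_off..] performs a heap out-of-bounds read. */
static int zip_entry_at_unsafe(const uint8_t *buf, size_t len, size_t off, struct zip_entry *e) {
    const uint8_t *h = buf + off;
    (void)len;                                                /* never checked */
    if (rd32(h) != ZIP_LFH_SIG) return -1;
    e->data_len = rd32(h + 18);                               /* compressed size */
    e->name_len = rd16(h + 26);                               /* file name length */
    e->name_off = off + ZIP_LFH_SIZE;
    e->data_off = e->name_off + e->name_len + rd16(h + 28);   /* + extra field length */
    return 0;
}

/* HARDENED: every offset derived from a header field is checked against the real buffer
 * size before use, using subtraction-based arithmetic that cannot wrap. */
static int zip_entry_at(const uint8_t *buf, size_t len, size_t off, struct zip_entry *e) {
    if (off > len || len - off < ZIP_LFH_SIZE) return -1;    /* fixed header must fit */
    const uint8_t *h = buf + off;
    if (rd32(h) != ZIP_LFH_SIG) return -1;
    size_t csize = rd32(h + 18), nlen = rd16(h + 26), xlen = rd16(h + 28);
    size_t avail = len - off - ZIP_LFH_SIZE;                  /* bytes after the fixed header */
    if (nlen > avail || xlen > avail - nlen) return -1;      /* name + extra must fit */
    if (csize > avail - nlen - xlen) return -1;              /* payload must fit */
    e->name_off = off + ZIP_LFH_SIZE;  e->name_len = nlen;
    e->data_off = e->name_off + nlen + xlen;  e->data_len = csize;
    return 0;
}

/* Constructed sample: one stored (uncompressed) entry "x.xml" holding the XML "<a/>". */
static const uint8_t GOOD_ZIP[] = {
    0x50,0x4b,0x03,0x04, 0x0a,0x00, 0x00,0x00, 0x00,0x00, 0x00,0x00, 0x00,0x00,
    0x00,0x00,0x00,0x00,              /* crc32 (not validated here) */
    0x04,0x00,0x00,0x00,              /* compressed size = 4 */
    0x04,0x00,0x00,0x00,              /* uncompressed size = 4 */
    0x05,0x00,                        /* name length = 5 */
    0x00,0x00,                        /* extra field length = 0 */
    'x','.','x','m','l',  '<','a','/','>'
};

/* Same 39 bytes, but the name length claims 65535 and the compressed size 65536. */
static const uint8_t BAD_ZIP[] = {
    0x50,0x4b,0x03,0x04, 0x0a,0x00, 0x00,0x00, 0x00,0x00, 0x00,0x00, 0x00,0x00,
    0x00,0x00,0x00,0x00,
    0x00,0x00,0x01,0x00,              /* compressed size = 65536 */
    0x04,0x00,0x00,0x00,
    0xff,0xff,                        /* name length = 65535 */
    0x00,0x00,
    'x','.','x','m','l',  '<','a','/','>'
};

/* 1 if the hardened walker accepts the well-formed entry and locates "<a/>". */
int demo_good_entry(void) {
    struct zip_entry e;
    if (zip_entry_at(GOOD_ZIP, sizeof GOOD_ZIP, 0, &e) != 0) return 0;
    return e.name_len == 5 && e.data_len == 4 &&
           memcmp(GOOD_ZIP + e.data_off, "<a/>", 4) == 0;
}

/* Hardened walker's verdict on the malformed entry: -1 means rejected before any read. */
int demo_bad_entry_hardened(void) {
    struct zip_entry e;
    return zip_entry_at(BAD_ZIP, sizeof BAD_ZIP, 0, &e);
}

/* Bytes past the end of the buffer that the unsafe walker would let an XML consumer
 * read on the malformed entry (0 means no overrun). */
size_t demo_bad_entry_unsafe_overrun(void) {
    struct zip_entry e;
    if (zip_entry_at_unsafe(BAD_ZIP, sizeof BAD_ZIP, 0, &e) != 0) return 0;
    size_t end = e.data_off + e.data_len;
    return end > sizeof BAD_ZIP ? end - sizeof BAD_ZIP : 0;
}

int main(void) {
    printf("hardened, good entry ok: %d\n", demo_good_entry());
    printf("hardened, bad entry rc : %d\n", demo_bad_entry_hardened());
    printf("unsafe, bad entry reads %zu bytes past the buffer\n", demo_bad_entry_unsafe_overrun());
    return 0;
}
```

The hardened form keeps all checks in the record walker rather than in the XML consumer: once a scanner has handed a downstream parser an offset it has not validated against the allocation, every field the parser trusts from there on becomes another out-of-bounds read. Checking against the remaining bytes (`avail - nlen`) instead of adding lengths together avoids the integer wrap that would otherwise turn a huge length field back into a small, passing sum.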

Remediation (AI)

Patch available per the vendor advisory: ensure the virus definition build is at or above 25021208. The fix is delivered automatically through the Gen Digital definition update stream consumed by Avast, AVG, Norton, Avast One and Avast Business Antivirus, so administrators should confirm through the product's update status UI or management console that each endpoint has actually pulled a definition build at or past 25021208; the installed product version says nothing about exposure, because the vulnerable logic ships in definitions rather than in installer packages. No reinstallation or product upgrade is required, but environments that block or stale-cache definition updates (air-gapped endpoints, restrictive proxies, paused updates) must clear those constraints before they can be considered fixed. As a temporary compensating control until the definition update lands, reduce the scanner's exposure to attacker-supplied archives: block inbound ZIPs at email and web gateways and disable automatic scanning of removable media, accepting that legitimate archive-borne malware will not be caught by on-access scanning during that window and that archives arriving by other routes are not covered. Refer to https://www.gendigital.com/us/en/contact-us/security-advisories/ for the authoritative advisory.
