Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Local file must be scanned (AV:L, UI:R); no auth needed to plant a file (PR:N); privileged AV engine execution yields full C/I/A impact within the same scope.
Primary rating from Vendor (GEN).
CVSS Vector (Vendor: GEN)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description (CVE.org)
Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows MSI file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.
This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.56.
Analysis (AI)
Local code execution or denial-of-service in Avira Antivirus engine builds prior to 8.3.70.56 occurs when the scanner parses a malformed Windows MSI installer file, triggering a heap out-of-bounds read. The flaw affects deployments on Windows, macOS, and Linux and requires user interaction to place a crafted MSI where the engine will scan it. No public exploit was identified at time of analysis, and CVSS scores it 7.8 (High).
Technical Context (AI)
The vulnerability is a CWE-125 out-of-bounds read in the Avira Antivirus scanning engine; the affected product is identified by CPE cpe:2.3:a:gen_digital:avira_antivirus (Gen Digital, the vendor that absorbed Avira). MSI files are Microsoft Installer packages built on the OLE/Compound File Binary structured-storage format, which contains tables and streams parsed by AV engines to inspect embedded executables. A malformed MSI can cause the parser to read past an allocated heap buffer, exposing adjacent memory or, depending on how the read value is later used, corrupting control flow inside the always-on scanning service.
Remediation (AI)
Patch available per vendor advisory: update the Avira Antivirus scanning engine to build 8.3.70.56 or later, which most Avira products receive automatically through the engine/definition update channel - verify the engine build under Avira's About/Update screen and consult https://www.gendigital.com/us/en/contact-us/security-advisories/ for the formal notice. Until the updated engine is confirmed deployed, compensating controls include disabling on-access scanning of MSI files via exclusion of the .msi extension (trade-off: malicious installers will no longer be inspected pre-execution, weakening endpoint protection) or blocking inbound delivery of MSI attachments at the mail gateway and proxy (trade-off: legitimate software deployments delivered via MSI may be interrupted). Endpoint logging should be increased on the Avira service process so that crashes consistent with this CWE-125 read are surfaced rather than silently restarted.
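For the MSI-blocking control described above, a gateway or triage step can identify MSI packages by content rather than by the .msi extension. The following is an added example, not code from Avira, Gen Digital or this page: it reads the Compound File Binary header with explicit bounds checks and reports whether the root storage carries the Windows Installer CLSID. The function names, the `NULL_CLSID` value and the sample builder are constructed for illustration, and the check assumes the package sets that CLSID on its root entry.

```python
import struct
import uuid

CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
# CLSID that Windows Installer stores on the root storage of an .msi package
MSI_CLSID = uuid.UUID("000c1084-0000-0000-c000-000000000046")
NULL_CLSID = uuid.UUID(int=0)   # constructed non-MSI value for the sample below
DIRENT_SIZE = 128               # size of one CFB directory entry


def classify_cfb(data: bytes) -> str:
    """Return 'not-cfb', 'malformed-cfb', 'msi' or 'other-cfb' for a file body."""
    if len(data) < 8 or data[:8] != CFB_MAGIC:
        return "not-cfb"
    if len(data) < 512:                      # the header fields live in the first 512 bytes
        return "malformed-cfb"
    (sector_shift,) = struct.unpack_from("<H", data, 30)
    (first_dir_sector,) = struct.unpack_from("<I", data, 48)
    if sector_shift not in (9, 12):          # only 512- and 4096-byte sectors are defined
        return "malformed-cfb"
    sector_size = 1 << sector_shift
    # Sector N starts at (N + 1) * sector_size. Refuse to index the root
    # directory entry unless all 128 bytes of it lie inside the file.
    root_off = (first_dir_sector + 1) * sector_size
    if root_off + DIRENT_SIZE > len(data):
        return "malformed-cfb"
    if data[root_off + 66] != 5:             # object type 5 = root storage
        return "malformed-cfb"
    clsid = uuid.UUID(bytes_le=data[root_off + 80:root_off + 96])
    return "msi" if clsid == MSI_CLSID else "other-cfb"


def build_sample(clsid: uuid.UUID = MSI_CLSID, first_dir_sector: int = 0) -> bytes:
    """Constructed input: a 512-byte header plus one directory sector."""
    header = bytearray(512)
    header[:8] = CFB_MAGIC
    struct.pack_into("<H", header, 30, 9)                  # 512-byte sectors
    struct.pack_into("<I", header, 48, first_dir_sector)   # first directory sector
    root = bytearray(512)
    root[66] = 5                                           # root storage entry
    root[80:96] = clsid.bytes_le
    return bytes(header + root)


if __name__ == "__main__":
    print(classify_cfb(build_sample()))
```

A `malformed-cfb` result is worth quarantining and logging on its own, since it marks a file whose header points outside the file body.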
EUVD-2025-210131
GHSA-gj87-8w35-2w23