PatchSiren cyber security CVE debrief
CVE-2025-7003 Gen Digital CVE debrief
A heap buffer out-of-bounds read vulnerability was discovered in the Avira Antivirus engine. This issue occurs when the engine scans a malformed PDF file, potentially allowing for Local Execution of Code or Denial-of-Service of the antivirus engine process. The vulnerability affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.56. The CVSS score for this vulnerability is 7.8, indicating a High severity level.
- Vendor
- Gen Digital
- Product
- Avira Antivirus
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-12
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-12
- Advisory updated
- 2026-06-12
Who should care
Users of Avira Antivirus on Windows, macOS, and Linux with engine builds before 8.3.70.56 should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by a heap buffer out-of-bounds read issue in the Avira Antivirus engine when scanning a malformed PDF file. This can lead to Local Execution of Code or Denial-of-Service of the antivirus engine process.
Defensive priority
High
Recommended defensive actions
- Update Avira Antivirus engine to build 8.3.70.56 or later.
- Ensure that all Avira Antivirus installations are running with the latest engine build.
Evidence notes
The CVE record for CVE-2025-7003 was obtained from the official CVE.org website [cve-org]. Additional information was obtained from the National Vulnerability Database (NVD) [nvd].
Official resources
-
CVE-2025-7003 CVE record
CVE.org
-
CVE-2025-7003 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2025-7003 was published on 2026-06-12T22:16:48.260Z and has not been modified since then.