PatchSiren

CVE-2025-7004 Gen Digital CVE debrief

A heap buffer out-of-bounds write vulnerability exists in Avast Antivirus when scanning a malformed Windows PE file. This issue may allow for Local Execution of Code or Denial-of-Service of the antivirus process. The vulnerability affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds before VPS 25040308.

Vendor: Gen Digital
Product: Avast Antivirus
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-12
Original CVE updated: 2026-06-12
Advisory published: 2026-06-12
Advisory updated: 2026-06-12

Who should care

Users of Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux

Technical summary

The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. The same stream feeds the consumer antivirus products listed in this advisory and other Gen Digital products that embed the same engine. Mitigation flows through this update channel; installations at or above the listed build are not vulnerable regardless of which product consumes the stream.

Defensive priority

HIGH

Recommended defensive actions

  • Update virus definition builds to VPS 25040308 or later.
  • Confirm that every installation is at or above the listed build to mitigate the vulnerability.

Evidence notes

The vulnerability has a CVSS score of 7.8 and is classified as HIGH severity.

Official resources

CVE-2025-7004 was published on 2026-06-12T22:16:48.383Z.