PatchSiren cyber security CVE debrief
CVE-2025-7005 Gen Digital CVE debrief
A medium-severity vulnerability, CVE-2025-7005, was found in Avast Antivirus when scanning a malformed Windows PE file, potentially leading to Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds before VPS 25031700. The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. Installations at or above the listed build are not vulnerable, regardless of which product consumes the stream.
- Vendor: Gen Digital
- Product: Avast Antivirus
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Users of Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux with virus definition builds before VPS 25031700 should apply the mitigation by updating to a build at or above VPS 25031700.
Technical summary
The vulnerability, with a CVSS score of 5.5, is caused by uncontrolled recursion when scanning a malformed Windows PE file. This may allow for Denial-of-Service of the antivirus process. The issue is addressed through a shared Gen Digital virus definition update stream, which feeds consumer antivirus products and other Gen Digital products embedding the same engine.
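The bug class named above, uncontrolled recursion over attacker-supplied file structure, is usually closed with a depth cap and a work budget; the following is an added illustration of that defence, not Gen Digital's code. The advisory does not say which PE structure is involved, so the PE resource directory tree is used here as an assumption, and the function names, limits and sample bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_DEPTH  8      /* assumed cap; conventional resource trees are 3 levels deep */
#define MAX_DIRS   4096   /* assumed budget on directories visited per file */
#define DIR_HDR    16     /* size of IMAGE_RESOURCE_DIRECTORY */
#define DIR_ENT    8      /* size of IMAGE_RESOURCE_DIRECTORY_ENTRY */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Returns the number of data leaves under the directory at `off`, or -1 if malformed. */
static long walk(const uint8_t *sec, size_t len, uint32_t off, int depth, unsigned *budget)
{
    if (depth > MAX_DEPTH || *budget == 0) return -1;   /* bound stack depth and total work */
    --*budget;
    if (off > len || len - off < DIR_HDR) return -1;    /* header must lie inside the section */
    size_t n = (size_t)rd16(sec + off + 12) + rd16(sec + off + 14);  /* named + ID entries */
    if ((len - off - DIR_HDR) / DIR_ENT < n) return -1; /* entry table must lie inside too */
    long leaves = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t target = rd32(sec + off + DIR_HDR + i * DIR_ENT + 4);
        if (!(target & 0x80000000u)) { leaves++; continue; }  /* high bit clear: data leaf */
        long r = walk(sec, len, target & 0x7fffffffu, depth + 1, budget);
        if (r < 0) return -1;                           /* fail fast on any malformed child */
        leaves += r;
    }
    return leaves;
}

long count_rsrc_leaves(const uint8_t *sec, size_t len)
{
    unsigned budget = MAX_DIRS;
    return walk(sec, len, 0, 0, &budget);
}

/* Constructed samples (not taken from any real file). */
/* Root -> one subdirectory at offset 24 -> one data leaf. */
const uint8_t SAMPLE_OK[48]   = { [14] = 1, [16] = 1, [20] = 0x18, [23] = 0x80,
                                  [38] = 1, [40] = 1, [44] = 0x30 };
/* Root whose only entry points back at the root itself. */
const uint8_t SAMPLE_LOOP[24] = { [14] = 1, [16] = 1, [23] = 0x80 };

int main(void)
{
    printf("ok=%ld loop=%ld\n", count_rsrc_leaves(SAMPLE_OK, sizeof SAMPLE_OK),
           count_rsrc_leaves(SAMPLE_LOOP, sizeof SAMPLE_LOOP));
    return 0;
}
```

Without the depth check, the self-referencing sample would recurse until the scanning process exhausted its stack; with it, the file is rejected as malformed and scanning can continue.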
Defensive priority
Medium
Recommended defensive actions
- Update virus definition builds to VPS 25031700 or later.
Evidence notes
The CVE-2025-7005 record was published on June 12, 2026, and has not been modified since then. The vulnerability affects multiple products from Gen Digital, including Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus.
Official resources
- CVE-2025-7005 CVE record (CVE.org)
- CVE-2025-7005 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference: CVE-2025-7005 was published on 2026-06-12T22:16:48.527Z.