PatchSiren cyber security CVE debrief
CVE-2025-7006 Gen Digital CVE debrief
A use of stack memory after free vulnerability in Avast Antivirus may allow Denial-of-Service of the antivirus process when scanning a malformed Windows PE file. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds before VPS 25022500.
- Vendor: Gen Digital
- Product: Avast Antivirus
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Users of Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux with virus definition builds before VPS 25022500.
Technical summary
The vulnerability is caused by a use of stack memory after free in the scanning logic of Avast Antivirus when it handles malformed Windows PE files. The affected scanning logic is delivered through a shared Gen Digital virus definition update stream.
Defensive priority
MEDIUM
Recommended defensive actions
- Update virus definitions to VPS 25022500 or later.
- Ensure installations are at or above the listed build to mitigate the vulnerability.
Evidence notes
The CVE-2025-7006 vulnerability has a CVSS score of 5.5 and is classified as MEDIUM severity. The vulnerability affects multiple products from Gen Digital, including Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus.
Official resources
- CVE-2025-7006 CVE record (CVE.org)
- CVE-2025-7006 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
CVE-2025-7006 was published on 2026-06-12T22:16:48.670Z.