PatchSiren

CVE-2025-7008 Gen Digital CVE debrief

A heap buffer out-of-bounds read vulnerability exists in Avast Antivirus when scanning a malformed Windows PE file with .NET metadata. This vulnerability, tracked as CVE-2025-7008, may allow local code execution or denial of service of the antivirus process. The issue affects multiple products, including Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus, across Windows, macOS, and Linux platforms, for virus definition builds before VPS 25021310.

Vendor: Gen Digital
Product: Avast Antivirus
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-12
Original CVE updated: 2026-06-12
Advisory published: 2026-06-12
Advisory updated: 2026-06-12

Who should care

Users of Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux are affected if their virus definition builds are before VPS 25021310.

Technical summary

The vulnerability is a heap buffer out-of-bounds read that occurs when the antivirus scans a malformed Windows PE file with .NET metadata. The issue reaches products through a shared Gen Digital virus definition update stream, which feeds multiple consumer antivirus products and other Gen Digital products embedding the same engine.

Defensive priority

HIGH

Recommended defensive actions

  • Update virus definitions to VPS 25021310 or later to mitigate this vulnerability.
  • Ensure all installations are at or above the listed build to prevent exploitation.

Evidence notes

The CVE-2025-7008 record and details were obtained from the official CVE and NVD sources.

Official resources

CVE-2025-7008 was published on 2026-06-12T22:16:48.807Z.