PatchSiren cyber security CVE debrief
CVE-2025-7010 Gen Digital CVE debrief
A stack overflow vulnerability, CVE-2025-7010, was discovered in Avast Antivirus when scanning a malformed PDF file. This issue may allow a Denial-of-Service (DoS) of the antivirus process. The vulnerability affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds before VPS 25021208. The affected scanning logic is delivered through a shared Gen Digital virus definition update stream, which also feeds other Gen Digital products embedding the same engine. Mitigation is available through this update channel; installations at or above the listed build are not vulnerable. The CVSS score for this vulnerability is 5.5, with a severity rating of MEDIUM.
- Vendor: Gen Digital
- Product: Avast Antivirus
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Users of Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux who have not updated to virus definition build VPS 25021208 or later should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is caused by uncontrolled recursion when scanning a malformed PDF file, which leads to a stack overflow. An attacker can potentially use this to cause a Denial-of-Service (DoS) of the antivirus process.
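The usual defence against this bug class is to bound recursion depth in the parser. The sketch below is an added example, not Gen Digital's code (the advisory does not describe the engine's parser): a simplified walker for nested PDF arrays and dictionaries that rejects input past a fixed depth. `MAX_NESTING`, the function names and the reduced grammar are assumptions made for illustration.

```c
#include <stddef.h>
/* Assumption: illustrative cap; the advisory does not state the engine's limit. */
#define MAX_NESTING 64
enum scan_result { SCAN_OK = 0, SCAN_MALFORMED = -1, SCAN_TOO_DEEP = -2 };

/* Two-byte delimiter test ("<<" or ">>") that never reads past len. */
static int is_pair(const char *buf, size_t len, size_t pos, char c)
{
    return buf[pos] == c && pos + 1 < len && buf[pos + 1] == c;
}

/* Walks one container whose opener is at buf[*pos]: "[...]" or "<<...>>". */
static int walk_container(const char *buf, size_t len, size_t *pos, int depth)
{
    /* Refuse before descending, so stack use never exceeds MAX_NESTING frames. */
    if (depth > MAX_NESTING) return SCAN_TOO_DEEP;
    int is_dict = (buf[*pos] == '<');
    *pos += is_dict ? 2 : 1;
    while (*pos < len) {
        char c = buf[*pos];
        if (c == '[' || is_pair(buf, len, *pos, '<')) {
            int rc = walk_container(buf, len, pos, depth + 1);
            if (rc != SCAN_OK) return rc;   /* propagate, do not keep parsing */
        } else if (c == ']' || is_pair(buf, len, *pos, '>')) {
            if (is_dict != (c == '>')) return SCAN_MALFORMED; /* wrong closer */
            *pos += is_dict ? 2 : 1;
            return SCAN_OK;
        } else {
            (*pos)++;                       /* scalar byte or whitespace */
        }
    }
    return SCAN_MALFORMED;                  /* input ended inside a container */
}

/* Entry point: scans every top-level container in the buffer. */
int scan_pdf_objects(const char *buf, size_t len)
{
    size_t pos = 0;
    while (pos < len) {
        if (buf[pos] == '[' || is_pair(buf, len, pos, '<')) {
            int rc = walk_container(buf, len, &pos, 1);
            if (rc != SCAN_OK) return rc;
        } else {
            pos++;
        }
    }
    return SCAN_OK;
}
```

A scanner that receives `SCAN_TOO_DEEP` can log the file as unscannable and keep running, instead of the process dying on stack exhaustion.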
Defensive priority
MEDIUM
Recommended defensive actions
- Update to virus definition build VPS 25021208 or later to mitigate the vulnerability.
- Ensure that all installations of affected products are updated to the latest virus definition build.
Evidence notes
The CVE-2025-7010 vulnerability was discovered and reported through a shared Gen Digital virus definition update stream.
Official resources
- CVE-2025-7010 CVE record (CVE.org)
- CVE-2025-7010 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
CVE-2025-7010 was published on 2026-06-12T22:16:49.080Z.