PatchSiren cyber security CVE debrief
CVE-2025-7011 Gen Digital CVE debrief
A heap out-of-bounds read vulnerability exists in Avast Antivirus when scanning a malformed zip file containing XML. This issue may allow for Local Execution of Code or Denial-of-Service of the antivirus process. The vulnerability affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds from 25020100 before 25021208.
- Vendor: Gen Digital
- Product: Avast Antivirus
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Users of Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux with virus definition builds from 25020100 before 25021208 should apply the necessary updates to mitigate this vulnerability.
Technical summary
The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. The same stream feeds the consumer antivirus products listed in this advisory and other Gen Digital products that embed the same engine. Mitigation flows through this update channel; installations at or above the listed build are not vulnerable regardless of which product consumes the stream.
Defensive priority
HIGH
Recommended defensive actions
- Update virus definitions to build 25021208 or later.
- Ensure that the antivirus software is configured to receive automatic updates.
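As an added example (not vendor or PatchSiren code), the following fleet triage check sorts hosts by the definition-build range stated above. The CSV inventory layout, the host names, and the assumption that builds are reported as the same 8-digit number the advisory uses are all constructed for illustration.

```python
import csv
import io

# Range taken from the advisory: affected from 25020100, fixed at 25021208.
FIRST_AFFECTED = 25020100
FIRST_FIXED = 25021208

def classify_build(raw):
    """Classify one virus-definition build string against the advisory range."""
    value = (raw or "").strip()
    # Assumption: builds are reported as the 8-digit number the advisory uses.
    if not (value.isascii() and value.isdigit() and len(value) == 8):
        return "unknown"          # missing or unparseable: needs manual follow-up
    build = int(value)
    if build >= FIRST_FIXED:
        return "fixed"
    if build >= FIRST_AFFECTED:
        return "affected"         # half-open range [25020100, 25021208)
    return "older-than-range"     # not listed as affected, but stale definitions

def triage(inventory_csv):
    """Return {status: [(host, product, build), ...]} for a CSV inventory."""
    report = {"affected": [], "unknown": [], "older-than-range": [], "fixed": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify_build(row.get("definition_build"))
        report[status].append((row["host"], row["product"], row.get("definition_build")))
    return report

# Constructed sample inventory (hypothetical hosts; not real data).
SAMPLE = """host,product,definition_build
ws-001,Avast Antivirus,25020100
ws-002,AVG Antivirus,25021207
mac-003,Norton Antivirus,25021208
lnx-004,Avast Business Antivirus,25030415
ws-005,Avast One,
ws-006,Avast Antivirus,25013109
"""

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        for host, product, build in hosts:
            print(f"{status:17} {host:8} {product:26} {build or '-'}")
```

Hosts reported as `unknown` have no usable build value and should be checked by hand rather than assumed fixed.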
Evidence notes
The CVE-2025-7011 vulnerability has a CVSS score of 7.8 and is considered HIGH severity. The vulnerability was published on June 12, 2026.
Official resources
- CVE-2025-7011 CVE record (CVE.org)
- CVE-2025-7011 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
CVE-2025-7011 was published on 2026-06-12T22:16:49.210Z.