PatchSiren cyber security CVE debrief
CVE-2025-7018 Gen Digital CVE debrief
A null pointer dereference vulnerability was discovered in the Avira Antivirus engine when scanning a malformed Windows PE file. This issue may allow a denial of service (DoS) of the antivirus engine process. The vulnerability affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.64.
- Vendor: Gen Digital
- Product: Avira Antivirus
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Users of Avira Antivirus on Windows, macOS, and Linux, particularly those running engine builds before 8.3.70.64, should be aware of this vulnerability and update the engine to mitigate the risk.
Technical summary
The vulnerability has a CVSS score of 5.5 and a severity rating of MEDIUM. It is classified as CWE-476 (NULL Pointer Dereference).
Defensive priority
MEDIUM
Recommended defensive actions
- Update the Avira Antivirus engine to build 8.3.70.64 or later.
- Ensure that the antivirus software is properly configured and maintained.
Evidence notes
The CVE record was published on June 12, 2026, and has not been modified since then. The vulnerability was reported by an unknown vendor, potentially Gendigital, based on the provided evidence.
Official resources
- CVE-2025-7018 CVE record (CVE.org)
- CVE-2025-7018 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference: CVE-2025-7018 was published on 2026-06-12T22:16:49.467Z.