PatchSiren cyber security CVE debrief
CVE-2025-7019 Gen Digital CVE debrief
A stack overflow vulnerability exists in Avast Antivirus when scanning a malformed Office Open XML file. This issue may allow a Denial-of-Service (DoS) of the antivirus process. The vulnerability affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds before VPS 25020100. The affected scanning logic is delivered through a shared Gen Digital virus definition update stream, which also feeds other Gen Digital products that embed the same engine. Mitigation is available through this update channel; installations at or above the listed build are not vulnerable, regardless of which product consumes the stream.
- Vendor: Gen Digital
- Product: Avast Antivirus
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Users of Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux who have not updated to virus definition build VPS 25020100 or later should consider updating to prevent potential Denial-of-Service attacks.
Technical summary
The vulnerability is caused by a stack overflow when scanning a malformed Office Open XML file. This can lead to a Denial-of-Service of the antivirus process. The issue has a CVSS score of 5.5 and a severity rating of MEDIUM.
Defensive priority
MEDIUM
Recommended defensive actions
- Update to virus definition build VPS 25020100 or later to mitigate the vulnerability.
- Ensure that all installations are running with the latest virus definition updates.
Evidence notes
The CVE record and details were obtained from the official CVE.org and NVD sources. Additional information was obtained from Gen Digital's security advisories.
Official resources
- CVE-2025-7019 CVE record (CVE.org)
- CVE-2025-7019 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
CVE-2025-7019 was published on 2026-06-12 and last modified on 2026-06-12.