PatchSiren cyber security CVE debrief
CVE-2025-9033 Gen Digital CVE debrief
A heap buffer out-of-bounds read vulnerability was discovered in the Avira Antivirus engine. This issue occurs when the engine scans a malformed PDF file, potentially allowing for Local Execution of Code or Denial-of-Service of the antivirus engine process. The vulnerability affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.76.
- Vendor: Gen Digital
- Product: Avira Antivirus
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Users of Avira Antivirus on Windows, macOS, and Linux with engine builds before 8.3.70.76 should be aware of this vulnerability.
Technical summary
The vulnerability has a CVSS score of 7.8 and is classified as HIGH severity. It is a heap buffer out-of-bounds read in the Avira Antivirus engine, triggered when the engine scans a malformed PDF file.
Defensive priority
HIGH
Recommended defensive actions
- Update Avira Antivirus engine to build 8.3.70.76 or later.
Evidence notes
The CVE record was published on June 12, 2026, and no modifications have been made since then.
Official resources
- CVE-2025-9033 CVE record (CVE.org)
- CVE-2025-9033 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
CVE-2025-9033 was published on 2026-06-12T23:16:31.193Z.