CVE-2025-7004

Vulnerability

A heap buffer out-of-bounds write vulnerability exists in the virus scanning engine used by Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux. The flaw is triggered when the scanner processes a malformed Windows PE file. Affected virus definition builds are those before VPS 25040308.

Exploitation

An attacker with local access or the ability to deliver a malformed PE file (e.g., via email, download, or removable media) can exploit this vulnerability. No authentication is required; the overflow occurs automatically when the antivirus scans the malicious file. The malformed PE file causes a heap buffer write beyond allocated bounds during parsing.

Impact

Successful exploitation can lead to arbitrary code execution with the privileges of the antivirus process, typically SYSTEM, resulting in full system compromise. Alternatively, the attacker could cause a denial-of-service by crashing the scanning process.

Mitigation

The vulnerability is fixed in virus definition build VPS 25040308. Users should ensure their antivirus definitions are updated to this version or later. Updates are delivered automatically through the Gen Digital update channel. No workaround is necessary as long as definitions are current.

Reference: [1]