CVE-2025-7006
Description
Avast/AVG/Norton antivirus products have a use-after-free in PE file scanning, leading to denial-of-service; fixed in VPS 25022500.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A use-after-free on the stack exists in the virus definition scanning engine shared by Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux. The flaw is triggered when the scan routine processes a malformed Windows PE file. Affected versions are those with virus definition builds before VPS 25022500 [1].
Exploitation
An attacker can send a specially crafted PE file to a target system. No special authentication or network position is required beyond the ability to deliver the file to a location the antivirus will scan (e.g., via email, web download, or local write access). When the antivirus engine parses the malformed PE file, stack memory corruption occurs, causing the process to crash [1].
Impact
Successful exploitation causes the antivirus process to terminate, resulting in a denial-of-service condition. The security software stops providing real-time protection until manually restarted. There is no indication of information disclosure or code execution [1].
Mitigation
Gen Digital released virus definition update VPS 25022500 on or before 2026-06-12, which remediates the issue. All installations with a build at or above that version are unaffected. Users should ensure automatic updates are enabled or manually apply the latest virus definitions [1].
AI Insight generated on Jun 12, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: < VPS 25022500
- Range: < VPS 25022500
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
News mentions
No linked articles in our index yet.