CVE-2025-7011
Description
Heap out-of-bounds read in Avast and other Gen Digital antivirus products when scanning a malformed ZIP containing XML could allow local code execution or denial-of-service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A heap out-of-bounds read vulnerability exists in the scanning engine used by multiple Gen Digital consumer antivirus products, including Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus. The bug is triggered when the scanner processes a specially crafted ZIP archive that contains XML content. This code path is reachable during normal on-access or on-demand scanning. Affected versions are those running virus definition builds from 25020100 up to (but not including) 25021208, on Windows, macOS, and Linux platforms.
Exploitation
An attacker must supply a malformed ZIP file containing XML to the target system. This can be delivered through email attachments, downloads, or any other vector that prompts the antivirus to scan the file. No authentication or user interaction beyond typical file access is required. The heap out-of-bounds read occurs during the parsing of the malformed archive, potentially corrupting memory or causing the scanning process to crash.
Impact
Successful exploitation can lead to local code execution with the privileges of the antivirus process, or a denial-of-service condition by repeatedly crashing the scanning engine. The impact is local; an attacker does not gain remote code execution across the network.
Mitigation
The vulnerability is fixed in virus definition build 25021208 and later. Users must ensure their antivirus virus definitions are updated to at least this version, which is delivered automatically through the Gen Digital virus definition update stream. No workaround exists; installations at or above the fixed build are not vulnerable. This CVE is not known to be listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.
AI Insight generated on Jun 12, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2 entries)
- Range: >=25020100 <25021208
- Range: >=25020100 <25021208
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
News mentions
No linked articles in our index yet.