CVE-2025-7017
Description
Heap buffer out-of-bounds read in Avira Antivirus engine (before 8.3.70.56) when scanning malformed MSI files allows local code execution or denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A heap buffer out-of-bounds read vulnerability exists in the Avira Antivirus engine when scanning a specially crafted Windows MSI file. The issue affects engine builds prior to version 8.3.70.56 on Windows, macOS, and Linux platforms. The malformed MSI file triggers an out-of-bounds read in heap memory during parsing.
Exploitation
An attacker with local access to the system can exploit this vulnerability by providing a malformed MSI file to the Avira Antivirus engine for scanning. No authentication is required beyond local file access. The attacker can trigger the out-of-bounds read by placing the malicious MSI file on the system and waiting for the antivirus to scan it (e.g., on-access or on-demand scan). The vulnerability does not require user interaction beyond the normal scanning process.
Impact
Successful exploitation could lead to local execution of arbitrary code or denial of service of the antivirus engine process. If code execution is achieved, the attacker may gain the privileges of the antivirus engine, which typically runs with elevated system privileges. Denial of service would disrupt antivirus protection.
Mitigation
The vulnerability is fixed in Avira Antivirus engine version 8.3.70.56 and later. Users should update to the latest engine version. No workarounds are mentioned in the available references. The issue is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.
AI Insight generated on Jun 12, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context is available for this CVE; the mechanics section is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.