CVE-2025-7018

Vulnerability

A null pointer dereference vulnerability exists in the Avira Antivirus engine when scanning a malformed Windows PE file. This issue affects engine builds prior to 8.3.70.64 on Windows, macOS, and Linux platforms. The vulnerability is triggered during the parsing of a specially crafted PE file, leading to a crash of the antivirus engine process. [1]

Exploitation

An attacker can exploit this vulnerability by providing a malformed Windows PE file to the Avira Antivirus engine for scanning. This can be achieved through various vectors such as email attachments, web downloads, or file system access. No authentication or user interaction is required if the antivirus is configured to automatically scan files. The attacker crafts a PE file that causes a null pointer dereference in the engine's parsing code, resulting in a denial-of-service condition.

Impact

Successful exploitation results in a denial-of-service of the Avira Antivirus engine process. This leaves the system temporarily unprotected until the engine is restarted. No further impact such as code execution or data compromise has been reported for this vulnerability.

Mitigation

The vulnerability is fixed in Avira Antivirus engine build 8.3.70.64 and later. Users should update their antivirus software to the latest version to mitigate the risk. No workarounds are available. The issue is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date. [1]