CVE-2025-7019

Vulnerability

A stack overflow vulnerability exists in the virus definition scanning logic of Avast Antivirus and related Gen Digital products (Avast, AVG, Norton, Avast One, Avast Business) on Windows, macOS, and Linux. The flaw is triggered when the antivirus engine scans a specially crafted Office Open XML file. Affected versions are those with virus definition builds before VPS 25020100 [1].

Exploitation

An attacker can exploit this vulnerability by delivering a malformed Office Open XML file to a target system, such as via email attachment or download. No authentication or user interaction beyond the automatic scanning of the file by the antivirus is required. The scanning process will encounter the malformed file and cause a stack overflow, leading to a denial-of-service of the antivirus process.

Impact

Successful exploitation results in a denial-of-service condition where the antivirus process crashes, potentially leaving the system temporarily unprotected until the process is restarted. The vulnerability does not allow code execution or privilege escalation; the impact is limited to availability.

Mitigation

The vulnerability is mitigated by updating the virus definitions to VPS 25020100 or later. The fix is delivered through the Gen Digital virus definition update stream; installations that have received this update are no longer vulnerable. No workaround is available; users should ensure their antivirus software is set to automatically update virus definitions [1].