CVE-2025-7011
Received Received - Intake
Heap out-of-bounds read in Avast Antivirus

Publication date: 2026-06-12

Last updated on: 2026-06-12

Assigner: NortonLifeLock Inc.

Description
Heap out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed zip file containing XML may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds from 25020100 before 25021208. The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. The same stream feeds the consumer antivirus products listed in this advisory and other Gen Digital products that embed the same engine. Mitigation flows through this update channel; installations at or above the listed build are not vulnerable regardless of which product consumes the stream.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-12
Last Modified
2026-06-12
Generated
2026-06-13
AI Q&A
2026-06-13
EPSS Evaluated
N/A
NVD
CVE-2025-7011
EUVD
EUVD-2025-210130
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
avast avast_antivirus From 25020100 (inc) to 25021208 (exc)
avast avg_antivirus From 25020100 (inc) to 25021208 (exc)
norton_lifelock norton_antivirus From 25020100 (inc) to 25021208 (exc)
avast avast_one From 25020100 (inc) to 25021208 (exc)
avast avast_business_antivirus From 25020100 (inc) to 25021208 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a heap out-of-bounds read issue found in Avast Antivirus products when scanning a malformed zip file that contains XML data. It can lead to local execution of code or cause a denial-of-service condition in the antivirus process.

Impact Analysis

The vulnerability can allow an attacker to execute code locally on your system or cause the antivirus process to crash, resulting in denial-of-service. This could compromise the security of your device by bypassing antivirus protections or causing interruptions in antivirus functionality.

Mitigation Strategies

To mitigate this vulnerability, ensure that your Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, or Avast Business Antivirus product is updated to virus definition build 25021208 or later.

Installations at or above this build are not vulnerable regardless of which product consumes the virus definition update stream.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-7011. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart