CVE-2025-7006: CWE-590 Free of Memory not on the Heap in Gen Digital Avast Antivirus
CVE-2025-7006 is a use-after-free vulnerability in Gen Digital's Avast Antivirus scanning engine affecting multiple antivirus products on Windows, macOS, and Linux. The flaw occurs when scanning a malformed Windows PE file, potentially causing a denial-of-service (DoS) of the antivirus process. The vulnerability is present in virus definition builds prior to VPS 25022500. The issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus, all of which share the same virus definition update stream. Installations with virus definition builds at or above VPS 25022500 are not vulnerable.
AI Analysis
Technical Summary
This vulnerability (CVE-2025-7006) is a use-after-free (CWE-590) in the scanning logic of Gen Digital's antivirus products, triggered by scanning a malformed Windows PE file. It leads to the use of stack memory after it has been freed, causing a denial-of-service condition by crashing the antivirus process. The affected products include Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux platforms. The vulnerability is tied to virus definition builds before VPS 25022500. The shared virus definition update stream delivers the vulnerable scanning logic to all affected products. Updating virus definitions to VPS 25022500 or later mitigates the issue.
Potential Impact
Successful exploitation of this vulnerability can cause a denial-of-service of the antivirus process, potentially disrupting antivirus protection. There is no indication of confidentiality or integrity impact. The attack vector is local (AV:L) with low attack complexity and no privileges required, but user interaction is needed. The overall impact is limited to availability.
Mitigation Recommendations
Updating virus definitions to version VPS 25022500 or later fully mitigates this vulnerability. Since the scanning logic is delivered through a shared virus definition update stream, ensuring the antivirus product is updated to use virus definitions at or above this build removes the vulnerability. No additional action is required beyond applying the virus definition update. No official patch for the antivirus software itself is indicated; the vendor manages remediation through virus definition updates.
CVE-2025-7006: CWE-590 Free of Memory not on the Heap in Gen Digital Avast Antivirus
Description
CVE-2025-7006 is a use-after-free vulnerability in Gen Digital's Avast Antivirus scanning engine affecting multiple antivirus products on Windows, macOS, and Linux. The flaw occurs when scanning a malformed Windows PE file, potentially causing a denial-of-service (DoS) of the antivirus process. The vulnerability is present in virus definition builds prior to VPS 25022500. The issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus, all of which share the same virus definition update stream. Installations with virus definition builds at or above VPS 25022500 are not vulnerable.
CVSS v3.1
Score 5.5medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2025-7006) is a use-after-free (CWE-590) in the scanning logic of Gen Digital's antivirus products, triggered by scanning a malformed Windows PE file. It leads to the use of stack memory after it has been freed, causing a denial-of-service condition by crashing the antivirus process. The affected products include Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux platforms. The vulnerability is tied to virus definition builds before VPS 25022500. The shared virus definition update stream delivers the vulnerable scanning logic to all affected products. Updating virus definitions to VPS 25022500 or later mitigates the issue.
Potential Impact
Successful exploitation of this vulnerability can cause a denial-of-service of the antivirus process, potentially disrupting antivirus protection. There is no indication of confidentiality or integrity impact. The attack vector is local (AV:L) with low attack complexity and no privileges required, but user interaction is needed. The overall impact is limited to availability.
Mitigation Recommendations
Updating virus definitions to version VPS 25022500 or later fully mitigates this vulnerability. Since the scanning logic is delivered through a shared virus definition update stream, ensuring the antivirus product is updated to use virus definitions at or above this build removes the vulnerability. No additional action is required beyond applying the virus definition update. No official patch for the antivirus software itself is indicated; the vendor manages remediation through virus definition updates.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GEN
- Date Reserved
- 2025-07-02T07:45:21.338Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a2c871ae617e2d834ccce19
Added to database: 6/12/2026, 10:24:26 PM
Last enriched: 6/12/2026, 10:40:34 PM
Last updated: 6/13/2026, 4:57:54 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.