CVE-2025-7019: CWE-121 Stack-based Buffer Overflow in Gen Digital Avast Antivirus
CVE-2025-7019 is a stack-based buffer overflow vulnerability in Gen Digital's Avast Antivirus products when scanning malformed Office Open XML files. This flaw may cause a denial-of-service condition by crashing the antivirus process. The vulnerability affects multiple Gen Digital antivirus products on Windows, macOS, and Linux platforms using virus definition builds prior to VPS 25020100. The scanning logic is shared across these products via a common virus definition update stream. Versions at or above virus definition build VPS 25020100 are not vulnerable.
AI Analysis
Technical Summary
This vulnerability is a stack-based buffer overflow (CWE-121) in the scanning engine of Gen Digital's Avast Antivirus and related products triggered by malformed Office Open XML files. It can cause denial-of-service by crashing the antivirus process. The affected products include Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus across Windows, macOS, and Linux. The vulnerability is present in virus definition builds before VPS 25020100. The shared virus definition update stream delivers the vulnerable scanning logic, and updating to VPS 25020100 or later mitigates the issue regardless of the specific product using the engine.
Potential Impact
Successful exploitation results in denial-of-service of the antivirus process, potentially disrupting malware scanning and protection. There is no indication of confidentiality or integrity impact. The vulnerability requires local access to scan a crafted Office Open XML file and user interaction to trigger the scan. The CVSS v3.1 base score is 5.5 (medium severity), reflecting local attack vector, low complexity, no privileges required, user interaction needed, and impact limited to availability.
Mitigation Recommendations
Updating virus definitions to build VPS 25020100 or later fully mitigates this vulnerability. Since the scanning logic is delivered via the virus definition update stream, ensuring that antivirus products receive and apply this update removes the vulnerability. There is no separate patch or fix required beyond applying the updated virus definitions. Users should verify their antivirus products have virus definitions at or above VPS 25020100.
CVE-2025-7019: CWE-121 Stack-based Buffer Overflow in Gen Digital Avast Antivirus
Description
CVE-2025-7019 is a stack-based buffer overflow vulnerability in Gen Digital's Avast Antivirus products when scanning malformed Office Open XML files. This flaw may cause a denial-of-service condition by crashing the antivirus process. The vulnerability affects multiple Gen Digital antivirus products on Windows, macOS, and Linux platforms using virus definition builds prior to VPS 25020100. The scanning logic is shared across these products via a common virus definition update stream. Versions at or above virus definition build VPS 25020100 are not vulnerable.
CVSS v3.1
Score 5.5medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability is a stack-based buffer overflow (CWE-121) in the scanning engine of Gen Digital's Avast Antivirus and related products triggered by malformed Office Open XML files. It can cause denial-of-service by crashing the antivirus process. The affected products include Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus across Windows, macOS, and Linux. The vulnerability is present in virus definition builds before VPS 25020100. The shared virus definition update stream delivers the vulnerable scanning logic, and updating to VPS 25020100 or later mitigates the issue regardless of the specific product using the engine.
Potential Impact
Successful exploitation results in denial-of-service of the antivirus process, potentially disrupting malware scanning and protection. There is no indication of confidentiality or integrity impact. The vulnerability requires local access to scan a crafted Office Open XML file and user interaction to trigger the scan. The CVSS v3.1 base score is 5.5 (medium severity), reflecting local attack vector, low complexity, no privileges required, user interaction needed, and impact limited to availability.
Mitigation Recommendations
Updating virus definitions to build VPS 25020100 or later fully mitigates this vulnerability. Since the scanning logic is delivered via the virus definition update stream, ensuring that antivirus products receive and apply this update removes the vulnerability. There is no separate patch or fix required beyond applying the updated virus definitions. Users should verify their antivirus products have virus definitions at or above VPS 25020100.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GEN
- Date Reserved
- 2025-07-02T12:03:39.699Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a2c871ee617e2d834ccceef
Added to database: 6/12/2026, 10:24:30 PM
Last enriched: 6/12/2026, 10:40:17 PM
Last updated: 6/13/2026, 1:14:17 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.