CVE-2025-8351 is a heap-based buffer overflow vulnerability classified under CWE-122 and CWE-125, discovered in Avast Antivirus for MacOS versions starting from 8.3.70.94 and fixed in versions after 8.3.70.98. The vulnerability occurs during the scanning of malformed files, where improper bounds checking leads to out-of-bounds reads and writes on the heap. This memory corruption can be exploited by an attacker to execute arbitrary code locally or cause a denial-of-service by crashing the antivirus engine process. The flaw does not require any privileges or user interaction, but the attack complexity is high, likely due to the need to craft a specific malformed file that triggers the overflow reliably. The vulnerability impacts confidentiality, integrity, and availability, as arbitrary code execution could allow an attacker to bypass security controls or disrupt antivirus operations. The CVSS 3.1 score is 9.0 (critical), with vector AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H, indicating network attack vector, high complexity, no privileges or user interaction, and scope change with high impact on confidentiality, integrity, and availability. No public exploits or active exploitation have been reported yet, but the critical nature demands immediate attention. Avast users on MacOS should monitor for patches and apply updates promptly to mitigate risk.

For European organizations, this vulnerability poses a significant risk especially for those relying on Avast Antivirus on MacOS endpoints. Successful exploitation could lead to local code execution, allowing attackers to disable or manipulate antivirus defenses, potentially facilitating further compromise or data exfiltration. The denial-of-service impact could disrupt endpoint protection, leaving systems exposed to other threats. Given the critical CVSS score and the potential for scope change, the vulnerability threatens the confidentiality, integrity, and availability of affected systems. Organizations in sectors with high MacOS usage such as finance, technology, and government are particularly vulnerable. The lack of required privileges or user interaction lowers the barrier for exploitation once a malicious file is introduced, increasing risk in environments where file sharing or downloads are common. The absence of known exploits in the wild provides a window for proactive mitigation, but the critical severity necessitates urgent patching and monitoring.

1. Immediately monitor Avast’s official channels for the release of a security patch addressing CVE-2025-8351 and apply updates to all MacOS endpoints running affected versions. 2. Until patches are available, implement strict file handling policies to limit exposure to untrusted or malformed files, including disabling automatic scanning of files from unverified sources. 3. Employ network-level controls to restrict the transfer of potentially malicious files, such as email filtering and web proxy scanning. 4. Use endpoint detection and response (EDR) tools to monitor for unusual behavior indicative of exploitation attempts, such as crashes or unexpected process terminations of the antivirus engine. 5. Conduct user awareness training focused on safe file handling practices to reduce the likelihood of introducing malformed files. 6. Consider deploying additional layers of security on MacOS devices, such as application whitelisting and sandboxing, to limit the impact of potential code execution. 7. Regularly audit and inventory MacOS systems to ensure no outdated Avast versions remain in use. 8. Collaborate with Avast support for guidance and incident response readiness in case of exploitation.