CVE-2025-7010

June 12, 2026, 10:16 p.m.

5.5
Medium

Description

Stack overflow vulnerability due to uncontrolled recursion in Avast Antivirus when scanning a malformed PDF file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds before VPS 25021208. The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. The same stream feeds the consumer antivirus products listed in this advisory and other Gen Digital products that embed the same engine. Mitigation flows through this update channel; installations at or above the listed build are not vulnerable regardless of which product consumes the stream.

Product(s) Impacted

Vendor Product Versions
Avast
  • Avast Antivirus
  • Avast One
  • Avast Business Antivirus
  • <25021208
  • <25021208
  • <25021208
Avg
  • Avg Antivirus
  • <25021208
Norton
  • Norton Antivirus
  • <25021208

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-674
Uncontrolled Recursion
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a avast avast_antivirus <25021208 / / / / / / /
a avg avg_antivirus <25021208 / / / / / / /
a norton norton_antivirus <25021208 / / / / / / /
a avast avast_one <25021208 / / / / / / /
a avast avast_business_antivirus <25021208 / / / / / / /

References

https://www.gendigital.com/us/en/contact-us/security-advisories/

Tags

CWE-674
[email protected]
2026-06-12
CVE-2025-7010

CVSS Score

5.5 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

    View Vector String

Timeline

Published: June 12, 2026, 10:16 p.m.
Last Modified: June 12, 2026, 10:16 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.