CVE-2025-7002
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk3th percentile - higher than 3% of all known CVEs
Summary
CVE-2025-7002 describes a heap buffer out-of-bounds read vulnerability in the Avira Antivirus engine that may occur when scanning a malformed PDF file. This may allow local code execution or denial-of-service of the antivirus engine process.
Risk Assessment
This issue may lead to unauthorized system access or disruption of antivirus software functionality, increasing the risk of malware infection.
Recommendation
It is recommended to update the Avira Antivirus engine to version 8.3.70.68 or later to mitigate this vulnerability.
Original NVD description (English source)
Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.68.

