CVE Catalog

CVE-2025-7017

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile - higher than 3% of all known CVEs

Summary

CVE-2025-7017 is a heap buffer out-of-bounds read vulnerability in the Avira Antivirus engine when scanning a malformed Windows MSI file. This may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.

Risk Assessment

This issue may lead to unauthorized access to the system or disruption of antivirus software operation, exposing the organization to malware attacks.

Recommendation

It is recommended to update the Avira Antivirus engine to version 8.3.70.56 or later to mitigate the risk associated with this vulnerability.

Original NVD description (English source)

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows MSI file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.56.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS