CVE Catalog

CVE-2025-7018

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

2th percentile — higher than 2% of all known CVEs

Summary

CVE-2025-7018 involves a null pointer dereference vulnerability in the Avira Antivirus engine when scanning a malformed Windows PE file, potentially leading to a Denial-of-Service of the antivirus engine process.

Risk Assessment

This vulnerability may cause the antivirus engine to become unavailable, exposing systems to malware threats.

Recommendation

It is recommended to update the Avira Antivirus engine to version 8.3.70.64 or later to mitigate the risk associated with this vulnerability.

Original NVD description (English source)

Null pointer dereference vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.64.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS