NULL Pointer Dereference Vulnerability in Avast Antivirus for MacOS and Linux
CVE-2025-7007

7.5HIGH

Key Information:

Vendor: Avast
Status: Antivirus; Anitvirus
Vendor: CVE Published:; 1 December 2025

What is CVE-2025-7007?

A NULL Pointer Dereference vulnerability has been identified in Avast Antivirus versions for both MacOS and Linux. This issue arises during the scanning of malformed Windows PE files, leading to a crash of the antivirus process. Users of Avast Antivirus on MacOS and Linux should be aware of this vulnerability to ensure their systems remain secure while the manufacturer works on a resolution.

Affected Version(s)

Anitvirus Linux 3.0.3

Antivirus MacOS 16.0.0

References

https://www.gendigital.com/us/en/contact-us/security-advi...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 1, 2025
Vulnerability Reserved
Jul 2, 2025

Credit

Mike Zhang

JSON