CVE-2025-8351 PUBLISHED

Scanning a malformed file in Avast Antivirus 8.3.70.94 on MacOS may result in remote code execution

Assigner: NLOK
Reserved: 30.07.2025 Published: 01.12.2025 Updated: 01.12.2025

Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avast Antivirus on MacOS when scanning a malformed file may allow Local Execution of Code or Denial-of-Service of the anitvirus engine process.This issue affects Antivirus: from 8.3.70.94 before 8.3.70.98.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 9

Attack Vector	Network	Scope	Changed
Attack Complexity	High	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Avast
Product	Antivirus
Versions	Default: affected affected from 8.3.70.94 to 8.3.70.98 (excl.)

Solutions

Upgrade to version 8.3.70.98 (13/JUN/2025) or newer.

Credits

Mike Zhang reporter

References

https://www.gendigital.com/us/en/contact-us/security-advisories/

Problem Types

CWE-122 Heap-based Buffer Overflow CWE
CWE-125 Out-of-bounds Read CWE

Impacts

CAPEC-549 Local Execution of Code