CVE-2025-8351
Published: 01 December 2025
Description
Adversaries may disable, degrade, or tamper with security tools or applications (e.
Security Summary
CVE-2025-8351 is a heap-based buffer overflow and out-of-bounds read vulnerability (CWE-122, CWE-125) in Avast Antivirus on macOS. The issue arises when the software scans a malformed file, potentially leading to local code execution or denial-of-service of the antivirus engine process. It affects Avast Antivirus versions from 8.3.70.94 before 8.3.70.98 and was published on 2025-12-01T16:15:57.857 with a CVSS v3.1 base score of 9.0 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).
Attackers require no privileges or user interaction and can exploit the vulnerability over the network, though it demands high attack complexity. Successful exploitation grants high-impact confidentiality, integrity, and availability violations with a changed scope, enabling local code execution within the antivirus process or denial-of-service that disrupts the engine.
Gen Digital has published a security advisory with details on mitigation, available at https://www.gendigital.com/us/en/contact-us/security-advisories/. Users should update to Avast Antivirus version 8.3.70.98 or later to address the vulnerability.
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Vulnerability enables remote heap buffer overflow in Avast Antivirus on macOS for local code execution or DoS on the AV engine process, directly facilitating Exploitation for Defense Evasion and Disable or Modify Tools.