CVE-2025-8351
📋 TL;DR
A heap-based buffer overflow and out-of-bounds read vulnerability in Avast Antivirus for macOS allows local attackers to execute arbitrary code or cause denial-of-service by scanning a specially crafted malicious file. This affects macOS users running vulnerable versions of Avast Antivirus. The vulnerability requires local access to the system.
💻 Affected Systems
- Avast Antivirus for macOS
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains full system control through arbitrary code execution, potentially installing persistent malware, stealing data, or compromising the entire system.
Likely Case
Local denial-of-service of the antivirus engine process, leaving the system unprotected against other threats while the service is down.
If Mitigated
Limited impact if antivirus is running with minimal privileges and proper sandboxing, though DoS is still possible.
🎯 Exploit Status
Requires local access to create/place malicious file and trigger antivirus scan. No public exploit details available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 8.3.70.98 or later
Vendor Advisory: https://www.gendigital.com/us/en/contact-us/security-advisories/
Restart Required: Yes
Instructions:
1. Open Avast Antivirus on macOS.
2. Go to Menu > Check for Updates.
3. Install available updates.
4. Restart the system if prompted.
🔧 Temporary Workarounds
Disable real-time scanning
Temporarily disable real-time file scanning to prevent triggering the vulnerability
Open Avast Antivirus > Preferences > Shields > Disable File Shield
Restrict local user access
Limit which users can place files in directories scanned by Avast
sudo chmod 750 /path/to/scanned/directories
🧯 If You Can't Patch
- Implement strict file upload controls and scanning of user-uploaded content before it reaches the system
- Run Avast Antivirus with minimal privileges and in a sandboxed environment if possible
🔍 How to Verify
Check if Vulnerable:
Check Avast version in application or run: /Applications/Avast.app/Contents/MacOS/Avast -v
Check Version:
/Applications/Avast.app/Contents/MacOS/Avast -v
Verify Fix Applied:
Verify version is 8.3.70.98 or higher using the same command
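The version check above as an added shell example (not the vendor's or this site's script): it compares dotted versions field by field as integers, because a plain string comparison would rank 8.3.70.100 below 8.3.70.98. The format of the `-v` output is not shown on this page, so the script assumes only that the first dotted number in it is the version; the function names are illustrative.

```shell
#!/bin/sh
# Added example: decide whether an installed Avast build is at or above the
# fixed version named in this advisory. Function names are illustrative.
FIXED_VERSION="8.3.70.98"                                # from "Patch Version" above
AVAST_BIN="/Applications/Avast.app/Contents/MacOS/Avast" # path as given on this page

# version_ge A B: succeed when dotted version A >= B. Fields are compared as
# integers, left to right; a missing field counts as 0 (8.4 == 8.4.0.0).
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        # Drop the field just read; with no dot left, nothing remains.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        fa=${fa:-0}; fb=${fb:-0}
        if [ "$fa" -gt "$fb" ]; then return 0; fi
        if [ "$fa" -lt "$fb" ]; then return 1; fi
    done
    return 0
}

# extract_version TEXT: print the first dotted number found in TEXT.
# Assumption: the "-v" output format is not documented on this page, so
# nothing beyond "contains a dotted version" is relied on.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+(\.[0-9]+)+' | head -n 1
}

# classify_version_output TEXT: print "patched V", "vulnerable V" or "unknown".
classify_version_output() {
    v=$(extract_version "$1") || v=
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_ge "$v" "$FIXED_VERSION"; then
        echo "patched $v"
    else
        echo "vulnerable $v"
    fi
}

# Check the local install only when the binary is present.
if [ -x "$AVAST_BIN" ]; then
    classify_version_output "$("$AVAST_BIN" -v 2>&1)"
fi
```

An "unknown" result means the output contained no dotted version; fall back to reading the version in the application itself.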
📡 Detection & Monitoring
Log Indicators:
- Avast process crashes or unexpected termination
- High CPU/memory usage by Avast processes before crash
- Failed scan attempts on specific file patterns
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
process_name:"Avast" AND (event_type:"crash" OR exit_code:139 OR signal:11)