CVE Catalog

CVE-2025-71326

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile - higher than 3% of all known CVEs

Summary

AVAST Antivirus version 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute code with elevated SYSTEM privileges.

Risk Assessment

Attackers can exploit this vulnerability to inject malicious executables that run with high-level system permissions, posing a significant security risk.

Recommendation

It is recommended to update AVAST Antivirus to the latest version to mitigate this vulnerability and review service configurations to secure against unauthorized access.

Original NVD description (English source)

AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that execute with high-level system permissions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS