CP
cyberpings

AVAST Antivirus 25.11 - Critical Unquoted Service Path Flaw

A critical vulnerability in AVAST Antivirus 25.11 allows local users to execute code with elevated privileges. This flaw poses serious security risks, prompting immediate attention from users. Stay informed about potential patches and safeguard your system.

VulnerabilitiesHIGHUpdated: Published:
Featured image for AVAST Antivirus 25.11 - Critical Unquoted Service Path Flaw

Original Reporting

EDExploit-DB

AI Summary

CyberPings AI·Reviewed by Rohit Rana

🎯Basically, a flaw in AVAST Antivirus lets users run harmful code as an administrator.

The Flaw

AVAST Antivirus version 25.11 has been found to contain a critical unquoted service path vulnerability. This issue arises when the service path is not properly quoted, allowing attackers to exploit it. Specifically, local non-privileged users can execute malicious code with elevated SYSTEM privileges.

What's at Risk

The vulnerability allows attackers to inject malicious executables into the service path, which will be executed with high-level system permissions. This could lead to a complete system compromise, making it a significant risk for users of AVAST Antivirus.

Patch Status

Currently, there is no CVE assigned to this vulnerability, and it remains unpatched. Users are advised to monitor for updates from AVAST regarding this issue.

Immediate Actions

To mitigate the risk, users should: This vulnerability highlights the importance of proper service configuration in software applications. Users are encouraged to take proactive measures to secure their systems against potential exploits.

Containment

  • 1.Review service paths for unquoted entries in their AVAST installation.
  • 2.Limit user privileges on systems running AVAST Antivirus to prevent unauthorized access.

🔒 Pro Insight

🔒 Pro insight: The unquoted service path vulnerability in AVAST could lead to widespread exploitation if not addressed promptly, especially in enterprise environments.

EDExploit-DB
Read Original

Share

Related Pings

Preview image for Microsoft GitHub RCE Vulnerability - Critical Flaw Fixed
Vulnerabilities
HIGH

Microsoft GitHub RCE Vulnerability - Critical Flaw Fixed

A critical flaw in a Microsoft GitHub repository allowed remote code execution via issue submissions. This vulnerability could have exposed sensitive tokens, risking significant misuse. Microsoft has since fixed the issue, but it highlights the need for better security practices.

SCSC Media
Read PingRead Source
Preview image for Throttlestop Kernel Driver - Privilege Escalation Vulnerability
Vulnerabilities
HIGH

Throttlestop Kernel Driver - Privilege Escalation Vulnerability

A critical vulnerability in the Throttlestop kernel driver could allow attackers to gain elevated privileges on Windows systems. This poses a significant security risk. Users should take immediate action to protect their systems.

EDExploit-DB
Read PingRead Source
Preview image for Anthropic Bets on EPSS to Manage Vulnerability Surge
Vulnerabilities
HIGH

Anthropic Bets on EPSS to Manage Vulnerability Surge

Anthropic's Mythos accelerates vulnerability discovery, prompting a need for effective prioritization. EPSS offers a way to manage the influx of new vulnerabilities. Security leaders are adapting to this rapid change, but challenges remain in critical sectors.

CSCSO Online
Read PingRead Source
Preview image for Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution
Vulnerabilities
CRITICAL

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution

A critical flaw in Cohere AI's Terrarium sandbox allows attackers to execute code with root privileges. This poses a significant risk to sensitive data. Users are urged to take immediate action to secure their systems.

THThe Hacker News
Read PingRead Source
Preview image for CrowdStrike LogScale - Critical Path Traversal Vulnerability
Vulnerabilities
CRITICAL

CrowdStrike LogScale - Critical Path Traversal Vulnerability

CrowdStrike has alerted users about a critical vulnerability in LogScale that allows remote attackers to read server files without authentication. Self-hosted customers must upgrade immediately to avoid risks. The company has already mitigated the threat for SaaS users.

CSCyber Security News
Read PingRead Source
Preview image for Oracle April 2026 Critical Patch Update Addresses 241 CVEs, Highlights Critical Vulnerabilities
Vulnerabilities Widely Reported (4 sources)
HIGH

Oracle April 2026 Critical Patch Update Addresses 241 CVEs, Highlights Critical Vulnerabilities

Oracle's April 2026 Critical Patch Update addresses 241 CVEs with 481 patches, including critical vulnerabilities across multiple product families, emphasizing the importance of timely patch management.

TETenable Blog+3 more
Read PingRead Source