CVE-2025-13032 | THREATINT

Description

Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3 on windows allows local attacker to escalate privelages via pool overflow.

PUBLISHED Reserved 2025-11-11 | Published 2025-11-11 | Updated 2025-11-14 | Assigner NLOK

CRITICAL: 9.9CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

Product status

Default status

affected

Any version before 25.3

affected

Default status

affected

Any version before 25.3

affected

Default status

affected

Any version before 25.3

affected

Credits

SAFA Team reporter

References

www.gendigital.com/us/en/contact-us/security-advisories/

cve.org (CVE-2025-13032)

nvd.nist.gov (CVE-2025-13032)

Download JSON

help @ threatint.eu