CVE-2025-4134 | THREATINT

Description

Lack of file validation in do_update_vps in Avast Business Antivirus for Linux 4.5 on Linux allows local user to spoof or tamper with the update file via an unverified file write.

PUBLISHED Reserved 2025-04-30 | Published 2025-05-28 | Updated 2025-05-28 | Assigner NLOK

HIGH: 7.3CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-552 Files or Directories Accessible to External Parties

Product status

Default status

unaffected

4.5.1 (customLack of file validation in Avast Business Antivirus for Linux allows writing untrusted update files.)

affected

Credits

FIS Securtiy reporter

Nông Hoàng Tú finder

References

www.gendigital.com/us/en/contact-us/security-advisories/

cve.org (CVE-2025-4134)

nvd.nist.gov (CVE-2025-4134)

Download JSON