Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Avast Business Antivirus by Avast
CVE-2025-4134 (GCVE-0-2025-4134)
Vulnerability from nvd – Published: 2025-05-28 13:53 – Updated: 2025-05-28 14:06
VLAI
EPSS
VEX
Title
Lack of file validation in Avast Business Antivirus for Linux allows writing untrusted update files
Summary
Lack of file validation in do_update_vps in Avast Business Antivirus for Linux 4.5 on Linux allows local user to spoof or tamper with the update file via an unverified file write.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Avast | Avast Business Antivirus |
Affected:
4.5.1
(customLack of file validation in Avast Business Antivirus for Linux allows writing untrusted update files.)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4134",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T14:06:29.597667Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T14:06:40.254Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Avast Business Antivirus",
"vendor": "Avast",
"versions": [
{
"status": "affected",
"version": "4.5.1",
"versionType": "customLack of file validation in Avast Business Antivirus for Linux allows writing untrusted update files."
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "FIS Securtiy"
},
{
"lang": "en",
"type": "finder",
"value": "N\u00f4ng Ho\u00e0ng T\u00fa"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eLack of file validation in do_update_vps in Avast Business Antivirus for Linux 4.5 on Linux allows local user to spoof or tamper with the update file via an unverified file write.\u003c/p\u003e"
}
],
"value": "Lack of file validation in do_update_vps in Avast Business Antivirus for Linux 4.5 on Linux allows local user to spoof or tamper with the update file via an unverified file write."
}
],
"impacts": [
{
"capecId": "CAPEC-148",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-148 Content Spoofing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T13:53:33.351Z",
"orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
"shortName": "NLOK"
},
"references": [
{
"url": "https://www.gendigital.com/us/en/contact-us/security-advisories/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in V4.6 released 03/FEB/2025, ugrade to latest version."
}
],
"value": "Fixed in V4.6 released 03/FEB/2025, ugrade to latest version."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Lack of file validation in Avast Business Antivirus for Linux allows writing untrusted update files",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
"assignerShortName": "NLOK",
"cveId": "CVE-2025-4134",
"datePublished": "2025-05-28T13:53:26.499Z",
"dateReserved": "2025-04-30T12:38:11.230Z",
"dateUpdated": "2025-05-28T14:06:40.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4134 (GCVE-0-2025-4134)
Vulnerability from cvelistv5 – Published: 2025-05-28 13:53 – Updated: 2025-05-28 14:06
VLAI
EPSS
VEX
Title
Lack of file validation in Avast Business Antivirus for Linux allows writing untrusted update files
Summary
Lack of file validation in do_update_vps in Avast Business Antivirus for Linux 4.5 on Linux allows local user to spoof or tamper with the update file via an unverified file write.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Avast | Avast Business Antivirus |
Affected:
4.5.1
(customLack of file validation in Avast Business Antivirus for Linux allows writing untrusted update files.)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4134",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T14:06:29.597667Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T14:06:40.254Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Avast Business Antivirus",
"vendor": "Avast",
"versions": [
{
"status": "affected",
"version": "4.5.1",
"versionType": "customLack of file validation in Avast Business Antivirus for Linux allows writing untrusted update files."
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "FIS Securtiy"
},
{
"lang": "en",
"type": "finder",
"value": "N\u00f4ng Ho\u00e0ng T\u00fa"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eLack of file validation in do_update_vps in Avast Business Antivirus for Linux 4.5 on Linux allows local user to spoof or tamper with the update file via an unverified file write.\u003c/p\u003e"
}
],
"value": "Lack of file validation in do_update_vps in Avast Business Antivirus for Linux 4.5 on Linux allows local user to spoof or tamper with the update file via an unverified file write."
}
],
"impacts": [
{
"capecId": "CAPEC-148",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-148 Content Spoofing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T13:53:33.351Z",
"orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
"shortName": "NLOK"
},
"references": [
{
"url": "https://www.gendigital.com/us/en/contact-us/security-advisories/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in V4.6 released 03/FEB/2025, ugrade to latest version."
}
],
"value": "Fixed in V4.6 released 03/FEB/2025, ugrade to latest version."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Lack of file validation in Avast Business Antivirus for Linux allows writing untrusted update files",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
"assignerShortName": "NLOK",
"cveId": "CVE-2025-4134",
"datePublished": "2025-05-28T13:53:26.499Z",
"dateReserved": "2025-04-30T12:38:11.230Z",
"dateUpdated": "2025-05-28T14:06:40.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}