CVE-2025-71326

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.8 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H                                    

Vulnerability Description

AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that execute with high-level system permissions.

Vulnerability Details

Published Date

June 19, 2026

Last Modified

June 19, 2026

CWE ID

CWE-428

Source

NVD

Vendor

Avast

Product

AVAST Antivirus

External References

https://www.avast.com/
https://www.exploit-db.com/exploits/52510
https://www.vulncheck.com/advisories/avast-antivirus-unquoted-service-path-privilege-escalation

CVE-2025-71326

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment