PT-2025-17876 · Avast · Avast Free Antivirus

Baris Akkaya · Published 2025-04-24 · Updated 2026-02-06 · CVE-2025-3500

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Avast Antivirus versions 25.1.981.6 through 25.2.981.6
Avast Free Antivirus versions 25.1.981.6 through 25.2.981.6

Description

An integer overflow or wraparound issue exists in Avast Antivirus. Successful exploitation of this issue could allow an attacker to escalate privileges and potentially execute arbitrary code within the kernel. The vulnerability is present in versions prior to 25.3. An attacker can leverage this vulnerability to gain local-to-SYSTEM privilege escalation.

Recommendations

Update Avast Antivirus to version 25.3 or later.
Update Avast Free Antivirus to version 25.3 or later.

Fix

LPE

Integer Overflow

Weakness Enumeration

Related Identifiers

CVE-2025-3500
ZDI-25-256

Affected Products

Avast Free Antivirus