PT-2025-20562 · Avg · Avg Tuneup

Vladislav Berghici · Published 2025-05-09 · Updated 2025-07-29 · CVE-2024-13959

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

AVG TuneUp version 24.2.16593.9844

Description

The issue allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM by creating a symbolic link and leveraging the service to delete a directory. The flaw is exploited through TuneupSvc.exe in AVG TuneUp on Windows.

Recommendations

For AVG TuneUp version 24.2.16593.9844, consider disabling the TuneupSvc.exe service as a temporary workaround until a patch is available. Restrict access to the vulnerable service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Link Following


Weakness Enumeration

Related Identifiers

CVE-2024-13959
ZDI-25-697

Affected Products

Avg Tuneup