PT-2025-23086 · Avast · Avast Business Antivirus For Linux
Fis Securtiy
Published: 2025-05-28 · Updated: 2025-06-02
CVE-2025-4134
CVSS v3.1: 7.3 (High)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Avast Business Antivirus for Linux version 4.5
Description
The issue is related to a lack of file validation in the do_update_vps function, allowing a local user to potentially spoof or tamper with update files through unverified file writes.
Recommendations
For Avast Business Antivirus for Linux version 4.5, consider restricting access to the do_update_vps function until a patch is available. As a temporary workaround, ensure that all update files are thoroughly verified before installation to minimize the risk of exploitation.
Fix
Files Accessible to External Parties
Weakness Enumeration
Related Identifiers
Affected Products
Avast Business Antivirus For Linux