Description
AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that execute with high-level system permissions.
Published: 2026-06-19
Score: 8.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an unquoted service path flaw (CWE-428) in AVAST Antivirus 25.11’s SecureLine service. It allows a local user to place a malicious executable in the service directory that will run with SYSTEM privileges when the service starts, resulting in local privilege escalation and compromising overall system security.

Affected Systems

The flaw affects Avast’s AVAST Antivirus version 25.11. Systems running this version are vulnerable; no other products or version variants are listed as affected.

Risk and Exploitability

The CVSS score of 8.5 indicates high severity. Because the EPSS score is not available and the vulnerability is not listed in CISA’s KEV catalog, the public exploitation likelihood is unknown, but the local attack vector and high‑severity impact suggest a significant risk to unprotected systems. Attackers must be able to write to the service directory and restart the service to trigger the payload. The lack of remote exposure limits remote exploitation but still requires local access.

Generated by OpenCVE AI on June 19, 2026 at 21:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest AVAST Antivirus release that fixes the unquoted SecureLine service path issue.
  • Verify that the SecureLine service binary path is quoted and contains no spaces or special characters; reconfigure the service if necessary or disable the service.
  • Restrict local account privileges to prevent unprivileged users from writing to the service directory or restarting services.

Generated by OpenCVE AI on June 19, 2026 at 21:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Avast
Avast avast Antivirus
Vendors & Products Avast
Avast avast Antivirus

Fri, 19 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Description AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that execute with high-level system permissions.
Title AVAST Antivirus 25.11 Unquoted Service Path Privilege Escalation
Weaknesses CWE-428
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Avast Avast Antivirus
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-19T14:16:54.853Z

Reserved: 2026-06-08T20:44:31.210Z

Link: CVE-2025-71326

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T21:30:17Z

Weaknesses
  • CWE-428

    Unquoted Search Path or Element