CVE-2025-13032 PUBLISHED

Assigner: NLOK
Reserved: 11.11.2025 Published: 11.11.2025 Updated: 14.11.2025

Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3  on windows allows local attacker to escalate privelages via pool overflow.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 9.9

Product Status

Vendor Avast
Product (Free/Premiium/Ultimeat) Antivirus
Versions Default: affected
  • affected from 0 to 25.3 (excl.)
Vendor Avsat
Product One
Versions Default: affected
  • affected from 0 to 25.3 (excl.)
Vendor AVG
Product (Free/Inernet Security/Ultimate) Antivirus
Versions Default: affected
  • affected from 0 to 25.3 (excl.)

Solutions

Upgrade to a version after >= 25.3

Credits

  • SAFA Team reporter

References

Problem Types

  • CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition CWE

Impacts

  • CAPEC-233 Privilege Escalation