CVE-2025-3500 PUBLISHED

Integer Overflow in Avast Antiviurs 25.1.981.6 on Windows may result in privilege escalation

Assigner: NLOK
Reserved: 10.04.2025 Published: 01.12.2025 Updated: 02.12.2025

Integer Overflow or Wraparound vulnerability in Avast Antivirus (25.1.981.6) on Windows allows Privilege Escalation.This issue affects Antivirus: from 25.1.981.6 before 25.3.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CVSS Score: 9

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	Required	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Avast
Product	Antivirus
Versions	Default: affected affected from 25.1.981.6 to 25.3 (excl.)

Solutions

Upgrade to version 25.3 (or newer) released 01/APR/2025

Credits

Baris Akkaya reporter
Trend Micro Zero Day Initiative other

References

https://www.gendigital.com/us/en/contact-us/security-advisories/

Problem Types

CWE-190 Integer Overflow or Wraparound CWE

Impacts

CAPEC-233 Privilege Escalation