CVE-2025-71326
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk3th percentile - higher than 3% of all known CVEs
Summary
AVAST Antivirus version 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute code with elevated SYSTEM privileges.
Risk Assessment
Attackers can exploit this vulnerability to inject malicious executables that run with high-level system permissions, posing a significant security risk.
Recommendation
It is recommended to update AVAST Antivirus to the latest version to mitigate this vulnerability and review service configurations to secure against unauthorized access.
Original NVD description (English source)
AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that execute with high-level system permissions.

