CVE-2025-71326

Description

AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that execute with high-level system permissions.

References

• https://www.avast.com/
• https://www.exploit-db.com/exploits/52510
• https://www.vulncheck.com/advisories/avast-antivirus-unquoted-service-path-privilege-escalation