Local Privilege Escalation Vulnerability in AVG TuneUp by AVG Technologies
CVE-2024-13959

7.8HIGH

Key Information:

Vendor: Avg
Status: Tuneup
Vendor: CVE Published:; 9 May 2025

What is CVE-2024-13959?

A local privilege escalation vulnerability exists in TuneupSvc.exe within AVG TuneUp 24.2.16593.9844 for Windows. This issue permits local attackers to escalate their privileges and execute arbitrary code within the SYSTEM context. By creating a symbolic link and leveraging the service, an attacker can manipulate directory deletion, thereby gaining unauthorized access to higher-level permissions and control over the system.

Affected Version(s)

TuneUp Windows 24.2.16593.9844

TuneUp Windows 24.3.17165.10564

References

https://www.gendigital.com/us/en/contact-us/security-advi...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 9, 2025
Vulnerability Reserved
May 9, 2025

Credit

Vladislav Berghici of Trend Micro

Zero Day Initiative

Avg

What is CVE-2024-13959?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit