Local Privilege Escalation Vulnerability in AVG TuneUp by AVG Technologies
CVE-2024-13960

7.8HIGH

Key Information:

Vendor: Avg
Status: Tuneup
Vendor: CVE Published:; 9 May 2025

What is CVE-2024-13960?

A security issue has been identified in AVG TuneUp for Windows 10, where a local privilege escalation vulnerability exists due to improper handling of symbolic links within the TuneUp service. This flaw enables an attacker with local access to escalate their privileges and execute arbitrary code in the context of the SYSTEM account. Exploiting this vulnerability involves creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack, which can lead to significant security breaches. Users are urged to secure their systems by updating to the latest version provided by AVG Technologies.

Affected Version(s)

TuneUp Windows 23.4

TuneUp Windows 24.1 31.7.2024

References

https://www.gendigital.com/us/en/contact-us/security-advi...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 9, 2025
Vulnerability Reserved
May 9, 2025

Credit

Zero Day Initiative

Avg

What is CVE-2024-13960?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit