Local Privilege Escalation in Avast Cleanup Premium on Windows 10 Pro
CVE-2024-13961

7.8HIGH

Key Information:

Vendor: Avast
Status: Cleanup Premium
Vendor: CVE Published:; 9 May 2025

What is CVE-2024-13961?

A local privilege escalation vulnerability exists in the TuneupSvc component of Avast Cleanup Premium. This issue allows local attackers to exploit a symbolic link and perform a TOCTTOU (time-of-check to time-of-use) attack, potentially leading to arbitrary code execution in the SYSTEM context. Users are advised to apply necessary patches and updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

CleanUp Premium Windows 24.2.16593.17810

CleanUp Premium Windows 24.3.17165.19178

References

https://www.gendigital.com/us/en/contact-us/security-advi...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 9, 2025
Vulnerability Reserved
May 9, 2025

Credit

Vladislav Berghici of Trend Micro Research

Zero Day Initiative