Local Privilege Escalation Issue in Avast Cleanup Premium by Gen Digital Inc.
CVE-2024-13962

7.8HIGH

Key Information:

Vendor: Avast
Status: Cleanup Premium
Vendor: CVE Published:; 9 May 2025

What is CVE-2024-13962?

A local privilege escalation issue has been identified in the TuneupSvc component of Avast Cleanup Premium, allowing local attackers to escalate their privileges and execute arbitrary code. This vulnerability occurs through the creation of a symbolic link, exploiting a TOCTTOU (time-of-check to time-of-use) scenario, specifically on Windows 10 Pro x64 systems. Users are recommended to apply patches and updates immediately to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

CleanUp Premium Windows 24.2.16593.17810

CleanUp Premium Windows 24.3.17165.19178

References

https://www.gendigital.com/us/en/contact-us/security-advi...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 9, 2025
Vulnerability Reserved
May 9, 2025

Credit

Vladislav Berghici of Trend Micro

Zero Day Initiative

JSON

Avast

What is CVE-2024-13962?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.