Local Privilege Escalation Issue in Avast Cleanup Premium by Gen Digital Inc.
CVE-2024-13962

7.8HIGH

Key Information:

Vendor: Avast
Status: Cleanup Premium
Vendor: CVE Published:; 9 May 2025

What is CVE-2024-13962?

A local privilege escalation issue has been identified in the TuneupSvc component of Avast Cleanup Premium, allowing local attackers to escalate their privileges and execute arbitrary code. This vulnerability occurs through the creation of a symbolic link, exploiting a TOCTTOU (time-of-check to time-of-use) scenario, specifically on Windows 10 Pro x64 systems. Users are recommended to apply patches and updates immediately to mitigate potential risks.

Affected Version(s)

CleanUp Premium Windows 24.2.16593.17810

CleanUp Premium Windows 24.3.17165.19178

References

https://www.gendigital.com/us/en/contact-us/security-advi...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 9, 2025
Vulnerability Reserved
May 9, 2025

Credit

Vladislav Berghici of Trend Micro

Zero Day Initiative