Local File Verification Flaw in Avast Business Antivirus for Linux
CVE-2025-4134

7.3HIGH

Key Information:

Vendor: Avast
Status: Avast Business Antivirus
Vendor: CVE Published:; 28 May 2025

What is CVE-2025-4134?

A vulnerability exists in Avast Business Antivirus for Linux wherein the software fails to adequately verify the authenticity of update files, specifically during the do_update_vps process. This oversight allows local users to potentially spoof or modify update files without detection, posing a security threat to the integrity of the antivirus software. Proper file validation is crucial in preventing unauthorized changes that could lead to system compromise.

Affected Version(s)

Avast Business Antivirus Linux 4.5.1

References

https://www.gendigital.com/us/en/contact-us/security-advi...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2025
Vulnerability Reserved
Apr 30, 2025

Credit

FIS Securtiy

Nông Hoàng Tú