Local File Verification Flaw in Avast Business Antivirus for Linux
CVE-2025-4134

7.3HIGH

Key Information:

Vendor: Avast
Status: Avast Business Antivirus
Vendor: CVE Published:; 28 May 2025

What is CVE-2025-4134?

A vulnerability exists in Avast Business Antivirus for Linux wherein the software fails to adequately verify the authenticity of update files, specifically during the do_update_vps process. This oversight allows local users to potentially spoof or modify update files without detection, posing a security threat to the integrity of the antivirus software. Proper file validation is crucial in preventing unauthorized changes that could lead to system compromise.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Avast Business Antivirus Linux 4.5.1

References

https://www.gendigital.com/us/en/contact-us/security-advi...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 28, 2025
Vulnerability Reserved
Apr 30, 2025

Credit

FIS Securtiy

Nông Hoàng Tú

JSON

Avast

What is CVE-2025-4134?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.