AVAST Antivirus 25.11 - Unquoted Service Path
AVAST Antivirus version 25. 11 contains an unquoted service path vulnerability. This flaw allows local non-privileged users to execute arbitrary code with SYSTEM-level privileges by exploiting the way the service path is configured without quotes. The vulnerability affects the SecureLine service binary path. No official patch or vendor advisory is provided in the data. Exploit code demonstrating the issue is publicly available.
AI Analysis
Technical Summary
The vulnerability in AVAST Antivirus 25.11 is due to an unquoted service path for the SecureLine service executable. This misconfiguration can be exploited by a local attacker to place a malicious executable in a path segment that is interpreted incorrectly by the Windows service loader, resulting in execution with elevated SYSTEM privileges. The exploit code confirms the service path is unquoted and runs under the LocalSystem account. This is a local privilege escalation vulnerability.
Potential Impact
Successful exploitation allows a local attacker to escalate privileges from a non-privileged user to SYSTEM level, potentially leading to full control over the affected system. This can compromise system integrity and confidentiality.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. In the absence of an official fix, mitigation involves manually correcting the service path to be properly quoted or restricting write permissions on the service executable path to prevent malicious file placement. Monitor vendor channels for updates.
Indicators of Compromise
- exploit-code: # Exploit Title: AVAST Antivirus 25.11 - Unquoted Service Path # Exploit Author: Milad Karimi (Ex3ptionaL) # Contact: miladgrayhat@gmail.com # Date: 2025-12-17 # Vendor Homepage:https://www.avast.com/ # Software Link : https://www.avast.com/es-mx/download-thank-you.php?product=SLN&locale=es-mx # Tested Version: 25.11 # Tested on OS: Windows 11 Description AVAST Antivirus 25.11 an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted service path configuration to inject malicious executables that will be run with high-level system permissions. PoC C:\>sc qc SecureLine [SC] QueryServiceConfig CORRECTO NOMBRE_SERVICIO: SecureLine TIPO : 10 WIN32_OWN_PROCESS TIPO_INICIO : 2 AUTO_START CONTROL_ERROR : 1 NORMAL NOMBRE_RUTA_BINARIO: C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe GRUPO_ORDEN_CARGA : ETIQUETA : 0 NOMBRE_MOSTRAR : Avast SecureLine DEPENDENCIAS : NOMBRE_INICIO_SERVICIO: LocalSystem
AVAST Antivirus 25.11 - Unquoted Service Path
Description
AVAST Antivirus version 25. 11 contains an unquoted service path vulnerability. This flaw allows local non-privileged users to execute arbitrary code with SYSTEM-level privileges by exploiting the way the service path is configured without quotes. The vulnerability affects the SecureLine service binary path. No official patch or vendor advisory is provided in the data. Exploit code demonstrating the issue is publicly available.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in AVAST Antivirus 25.11 is due to an unquoted service path for the SecureLine service executable. This misconfiguration can be exploited by a local attacker to place a malicious executable in a path segment that is interpreted incorrectly by the Windows service loader, resulting in execution with elevated SYSTEM privileges. The exploit code confirms the service path is unquoted and runs under the LocalSystem account. This is a local privilege escalation vulnerability.
Potential Impact
Successful exploitation allows a local attacker to escalate privileges from a non-privileged user to SYSTEM level, potentially leading to full control over the affected system. This can compromise system integrity and confidentiality.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. In the absence of an official fix, mitigation involves manually correcting the service path to be properly quoted or restricting write permissions on the service executable path to prevent malicious file placement. Monitor vendor channels for updates.
Technical Details
- Edb Id
- 52510
- Has Exploit Code
- true
- Code Language
- text
Indicators of Compromise
Exploit Source Code
Exploit code for AVAST Antivirus 25.11 - Unquoted Service Path
# Exploit Title: AVAST Antivirus 25.11 - Unquoted Service Path # Exploit Author: Milad Karimi (Ex3ptionaL) # Contact: miladgrayhat@gmail.com # Date: 2025-12-17 # Vendor Homepage:https://www.avast.com/ # Software Link : https://www.avast.com/es-mx/download-thank-you.php?product=SLN&locale=es-mx # Tested Version: 25.11 # Tested on OS: Windows 11 Description AVAST Antivirus 25.11 an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevate... (602 more characters)
Threat ID: 69ec2f5087115cfb68b9e9dc
Added to database: 4/25/2026, 3:04:48 AM
Last enriched: 4/25/2026, 3:05:03 AM
Last updated: 4/25/2026, 8:25:09 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.