Avast and AVG: Critical Security Vulnerability Quietly Patched

A flaw in the virus scanners of Avast and AVG allowed attackers to escalate their privileges on the system. The manufacturer quietly distributed updates.


A critical security vulnerability was present in the malware protection programs of the Avast and AVG brands. This has now been closed, as has another, less severe one in Avast Free Antivirus.

The manufacturer Gen Digital, which is registered as a CNA under the NortonLifeLock brand and can therefore create CVE entries, has now published vulnerability entries for them. According to these, a double-fetch was found in the kernel driver of the sandbox in the Windows version, in code shared by Avast and AVG, which local attackers could have misused to escalate their privileges (CVE-2025-13032, CVSS 9.8, risk “critical”). Versions before 25.3 were affected. The manufacturer apparently released the fixed version on April 9th, as can be seen from a forum post. However, the post only mentions “fixes to increase product stability and performance” – the provider does not transparently speak of a critical security vulnerability.

In the free Avast Free Antivirus software, there was also a “collision in the MiniFilter driver”, which was not explained in detail. Local attackers with administrator rights could have disabled the real-time protection and defense mechanisms of the security software (CVE-2025-10905, CVSS 4.4, risk “medium”). The developers corrected the security-relevant error with version 25.9. Gen Digital has been distributing this version since mid-September, as a forum post reveals – again only with the non-committal explanation “fixes to increase product stability and performance in various components.”

The antivirus brands Avast, Avira, AVG, and Norton/Symantec have been brought together under the Gen Digital umbrella. At least during the acquisition of AVG by Avast, code parts were removed and merged, so that largely the same codebase is actually running beneath the slightly adapted, differently branded user interfaces. This is likely similar with code components from Avira and Norton. Therefore, a vulnerability usually affects several Gen Digital products at once.


Thanks to the automatic update mechanisms, security vulnerabilities can usually be patched quickly – unless users have disabled them, which can happen in corporate networks and is common in isolated networks. In these cases, IT managers rely on timely information about vulnerabilities to distribute updates quickly. For admins in this situation, it is unacceptable that information about a vulnerability is only published more than half a year after it has been closed.
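For networks where automatic updates are disabled, the version boundaries given above can be checked against a software inventory. The following is an added example, not code from Gen Digital or from the original article; the CSV column names, the host names, the version strings and the matching of products by name prefix are assumptions made for illustration.

```python
import csv
import io

# Fixed versions and product scope as stated in the article.
ADVISORIES = [
    # (CVE, product name prefixes in scope, first fixed version)
    ("CVE-2025-13032", ("avast", "avg"), (25, 3)),
    ("CVE-2025-10905", ("avast free antivirus",), (25, 9)),
]

# Constructed sample inventory; column names and values are assumptions.
SAMPLE_INVENTORY = """host,product,version
ws-001,Avast Free Antivirus,25.2.9898
ws-002,AVG AntiVirus Free,25.2.3500
ws-003,Avast Free Antivirus,25.8.10387
ws-004,AVG Internet Security,25.9.1
ws-005,Avast Premium Security,unknown
"""

def parse_version(text):
    """Return (major, minor) as ints, or None if the string is unusable."""
    parts = text.strip().split(".")
    try:
        return int(parts[0]), int(parts[1])
    except (IndexError, ValueError):
        return None

def triage(inventory_csv):
    """Map each host to the CVEs it is still exposed to."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        product = row["product"].lower()
        version = parse_version(row["version"])
        if version is None:
            # Never treat an unreadable version as patched: flag for manual review.
            findings[row["host"]] = ["unknown-version"]
            continue
        findings[row["host"]] = [
            cve for cve, prefixes, fixed in ADVISORIES
            if product.startswith(prefixes) and version < fixed
        ]
    return findings

if __name__ == "__main__":
    for host, cves in triage(SAMPLE_INVENTORY).items():
        print(host, ", ".join(cves) or "patched")
```

Hosts whose version cannot be parsed are reported separately instead of being counted as patched, so they remain on the review list.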

Security vulnerabilities in some Gen Digital products were last announced in May. At that time, the manufacturer did not provide any further information beyond the vulnerable components and versions.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.