CVE-2025-4134 Lack of file validation in Avast Business Antivirus for Linux allows writing untrusted update files

🗓️ 28 May 2025 13:53:26Reported by NLOKType

Lack of file validation in Avast Antivirus allows local users to tamper with update files.

Reporter	Title	Published	Views	Family All 9
BDU FSTEC	The vulnerability of the do_update_vps() function in the Avast Business Antivirus for Linux antivirus tool allows attackers to perform spoofing attacks.	3 Jun 202500:00	–	bdu_fstec
Circl	CVE-2025-4134	28 May 202515:02	–	circl
CNNVD	Avast Business Antivirus 安全漏洞	28 May 202500:00	–	cnnvd
CVE	CVE-2025-4134	28 May 202513:53	–	cve
EUVD	EUVD-2025-16299	3 Oct 202520:07	–	euvd
NVD	CVE-2025-4134	28 May 202514:15	–	nvd
Positive Technologies	PT-2025-23086 · Avast · Avast Business Antivirus For Linux	28 May 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-4134	30 May 202513:54	–	redhatcve
Vulnrichment	CVE-2025-4134 Lack of file validation in Avast Business Antivirus for Linux allows writing untrusted update files	28 May 202513:53	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "Avast Business Antivirus",
    "vendor": "Avast",
    "versions": [
      {
        "status": "affected",
        "version": "4.5.1",
        "versionType": "customLack of file validation in Avast Business Antivirus for Linux allows writing untrusted update files."
      }
    ]
  }
]

Source	Link
gendigital	www.gendigital.com/us/en/contact-us/security-advisories/

28 May 2025 13:53Current

CVSS 3.17.3

EPSS0.00177

CWE-552