A critical integer overflow vulnerability has been identified in multiple Avast Antivirus products on the Windows platform. This flaw, designated CVE-2025-3500 with a CVSS score of 9, can be exploited by an attacker to escalate privileges, potentially allowing them to gain full administrative control over an affected system. Successful exploitation could lead to a complete compromise of the system's confidentiality, integrity, and availability.

The vulnerability is an integer overflow or wraparound condition within a component of Avast Antivirus on Windows. An authenticated local attacker could exploit this by providing a specially crafted input that causes a numerical value within the application to exceed its maximum limit and "wrap around" to a small or negative number. This can lead to a memory allocation error or buffer overflow, which can then be leveraged by the attacker to execute arbitrary code with SYSTEM-level privileges, effectively bypassing all local security controls.

This vulnerability presents a critical risk to the organization, reflected by its CVSS score of 9. An attacker who successfully exploits this flaw can escalate their privileges from a standard user to a full system administrator. This level of access would allow the attacker to disable security controls, install persistent malware such as ransomware or spyware, exfiltrate sensitive corporate data, and pivot to other systems on the network. The impact includes severe reputational damage, financial loss, and potential regulatory penalties depending on the data compromised.

Immediate Action: Immediately update all instances of Avast Antivirus to version 25.3 or a later patched version as specified by the vendor. Prioritize patching on critical endpoints, servers, and systems handling sensitive information. After patching, it is crucial to monitor for any signs of exploitation and review system and application access logs for anomalous activity.

Proactive Monitoring: Security teams should monitor for unusual process behavior originating from Avast services (e.g., AvastSvc.exe spawning cmd.exe or powershell.exe). Scrutinize Windows Event Logs for unexpected application crashes or errors related to Avast components. Endpoint Detection and Response (EDR) systems should be configured to alert on attempts to modify critical system files or create new services by unauthorized processes.

Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce risk. Enforce the principle of least privilege for all user accounts to limit an attacker's initial access. Utilize application control or whitelisting solutions to prevent the execution of unauthorized code. A properly configured EDR solution may also provide behavioral-based detections that could block post-exploitation activity.

Public Exploit Available: False

Due to the critical severity (CVSS 9) and the potential for a complete system compromise, it is strongly recommended that organizations prioritize the immediate patching of CVE-2025-3500. All Windows systems running the affected versions of Avast Antivirus should be updated to version 25.3 or newer without delay. Although this vulnerability is not yet on the CISA KEV list, its high impact makes it an attractive target for attackers, and organizations should act proactively to mitigate this significant risk.