CVE-2025-10905

4.4 MEDIUM

📋 TL;DR

A local privilege escalation vulnerability in Avast Free Antivirus allows attackers with administrative privileges to disable real-time protection and self-defense mechanisms. This affects Windows users running Avast Free Antivirus versions before 25.9. The vulnerability stems from a collision in the MiniFilter driver.

💻 Affected Systems

Products:
  • Avast Free Antivirus
Versions: All versions before 25.9
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local administrative privileges to exploit. Other Avast products may be affected but not confirmed.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with administrative access could disable all antivirus protection, leaving the system vulnerable to malware, ransomware, and other threats without detection.

🟠 Likely Case

Malicious insiders or compromised admin accounts could disable antivirus protection to deploy additional malware or conduct further attacks undetected.

🟢 If Mitigated

With proper access controls limiting administrative privileges, the attack surface is significantly reduced, though the vulnerability still exists in the software.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring administrative access, not directly exploitable over the internet.
🏢 Internal Only: MEDIUM - Requires local administrative access, making it primarily an insider threat or post-compromise attack vector.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrative privileges and knowledge of the collision vulnerability in the MiniFilter driver.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 25.9 or later

Vendor Advisory: https://www.gendigital.com/us/en/contact-us/security-advisories/

Restart Required: Yes

Instructions:

  1. Open Avast Free Antivirus.
  2. Navigate to Settings > Update.
  3. Click 'Update' to download and install version 25.9 or later.
  4. Restart the computer when prompted.

🔧 Temporary Workarounds

Restrict Administrative Privileges

Platform: Windows

Limit the number of users with administrative privileges to reduce attack surface.

Monitor Antivirus Service Status

Platform: Windows

Implement monitoring to detect when Avast real-time protection or self-defense is disabled.

🧯 If You Can't Patch

  • Implement strict access controls to limit administrative privileges to essential personnel only.
  • Deploy additional endpoint detection and response (EDR) solutions to monitor for antivirus tampering.

🔍 How to Verify

Check if Vulnerable:

Check Avast version in Settings > About. If version is below 25.9, the system is vulnerable.

Check Version:

wmic product where "name like 'Avast%'" get version

Verify Fix Applied:

Verify Avast version is 25.9 or higher in Settings > About and confirm real-time protection is enabled and functioning.

📡 Detection & Monitoring

Log Indicators:

  • Event logs showing Avast services being stopped or disabled
  • Security logs showing unauthorized attempts to modify antivirus settings

Network Indicators:

  • Unusual outbound connections following antivirus disablement

SIEM Query:

EventID=7036 AND ServiceName="Avast Antivirus" AND (State="stopped" OR State="disabled")
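
The version check and the service-stop indicator above can be run together on a single host. The following PowerShell is an added example, not vendor or site tooling. It assumes that Avast registers a DisplayName beginning with "Avast" under the standard Windows Uninstall registry keys and that the service display name is the "Avast Antivirus" string used in the SIEM query; the 7-day lookback is a constructed value.

```powershell
# Added example: version check plus service-stop hunt for CVE-2025-10905.
# Assumptions: Avast registers a DisplayName starting with "Avast" under the
# standard Uninstall keys; the service display name is the one used in the
# SIEM query ("Avast Antivirus").
$FixedVersion = [version]'25.9'
$ServiceName  = 'Avast Antivirus'
$LookbackDays = 7   # constructed value, tune to your log retention

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Avast*' -and $_.DisplayVersion }

foreach ($app in $installed) {
    $ver = $app.DisplayVersion -as [version]   # $null if the string does not parse
    $status = if (-not $ver) { 'UNKNOWN (unparsed version)' }
              elseif ($ver -lt $FixedVersion) { 'VULNERABLE' }
              else { 'patched' }
    '{0} {1}: {2}' -f $app.DisplayName, $app.DisplayVersion, $status
}
if (-not $installed) { 'No Avast product found in the Uninstall keys.' }

# Event 7036 (Service Control Manager): Properties[0] is the service display
# name, Properties[1] the new state. The state string is localized.
$filter = @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7036
    StartTime    = (Get-Date).AddDays(-$LookbackDays)
}
$stops = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object {
        $_.Properties[0].Value -eq $ServiceName -and
        $_.Properties[1].Value -eq 'stopped'
    }

$stops | Sort-Object TimeCreated |
    Select-Object TimeCreated, MachineName,
        @{ n = 'Service'; e = { $_.Properties[0].Value } },
        @{ n = 'State';   e = { $_.Properties[1].Value } }

# Current state, in case the stop predates the retained log window.
Get-Service -DisplayName $ServiceName -ErrorAction SilentlyContinue |
    Select-Object Name, DisplayName, Status, StartType
```

An empty event result only means no stop of that service was logged in the lookback window; confirm in the Avast UI that real-time protection and self-defense are still enabled.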
