Avast Antivirus Sandbox Vulnerabilities Let Attackers Escalate Privileges
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
Security researchers from the SAFA team have uncovered four kernel heap overflow vulnerabilities in Avast Antivirus, all traced to the aswSnx kernel driver.<\/p>\n
The flaws, now tracked collectively as CVE-2025-13032, could allow a local attacker to escalate privileges to SYSTEM on Windows 11 if successfully exploited.<\/p>\n
The research focused on Avast\u2019s sandbox implementation, a component designed to isolate untrusted processes.<\/p>\n
To reach the vulnerable code paths, the team first had to understand and manipulate Avast\u2019s custom sandbox <\/a>profile.<\/p>\n Since the most critical IOCTL handlers in aswSnx are accessible only to sandboxed processes, not to regular user processes.<\/p>\n By analyzing Avast\u2019s kernel drivers and IOCTL interfaces, the researchers identified aswSnx as the most promising target due to its large number of user-accessible IOCTL handlers.<\/p>\n Within these handlers, SAFA found several cases where user-controlled data from user space was improperly handled in kernel space.<\/p>\n In particular, multiple \u201cdouble fetch\u201d conditions allowed the length of user-supplied strings to be changed between validation, allocation, and copy operations, leading to controlled kernel heap overflows.<\/p>\n Additional issues included unsafe use of string functions and missing pointer validation, which could be exploited to cause local denial-of-service attacks.<\/a><\/p>\n Altogether, the team reported four kernel heap overflow vulnerabilities and two local system DoS issues affecting Avast 25.2.9898.0 and potentially other Gendigital products that share the same driver code.<\/p>\n Exploiting these bugs required first registering an attacker-controlled process into the Avast sandbox via a specific IOCTL that updates the sandbox configuration.<\/p>\n Once inside the sandbox, the attacker could trigger the vulnerable IOCTLs and achieve local privilege escalation to SYSTEM. Avast responded quickly, issuing patches that corrected the double-fetch patterns.<\/p>\n Enforce proper bounds checking on string operations, and add missing validity checks before dereferencing user pointers.<\/p>\n According to the timeline shared by SAFA<\/a>, most vulnerabilities were fixed within about 12 days of initial acceptance, with CVE-2025-13032 officially published on November 11, 2025.<\/p>\n The SAFA team says these findings show that serious kernel flaws can still be discovered in widely used security tools through careful manual checks and innovative techniques.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post Avast Antivirus Sandbox Vulnerabilities Let Attackers Escalate Privileges<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n