Security researchers have disclosed four critical kernel heap overflow vulnerabilities (collectively CVE-2025-13032) in the Avast Antivirus `aswSnx` kernel driver. These flaws allow a local attacker to escape the antivirus sandbox and escalate privileges to SYSTEM level on Windows 11.
Business Impact
Vulnerabilities in security software are particularly dangerous because that software runs with the highest privileges. An attacker who has already gained a foothold (e.g., via phishing) can use this flaw to disable defenses, gain total control of the endpoint, and persist deeply within the OS.
Why It Happened
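The vulnerabilities stem from “double fetch” race conditions in how the kernel driver handles user data. In a double fetch, code reads the same user-controlled value more than once, so the value can change between the reads. Here that allows attackers to manipulate memory allocations and trigger a buffer overflow.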
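A generic illustration of the double-fetch pattern named above beside its single-capture fix, as an added example: it is not code from the `aswSnx` driver or from the researchers, and `user_req`, `racer_fn`, `grow_len`, `MAX_LEN` and both function names are hypothetical. The competing thread is simulated by a callback so the result is deterministic, and the unsafe copy is replaced by arithmetic so nothing is actually overwritten.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MAX_LEN 32u

/* Constructed stand-in for a request in user-writable memory. */
typedef struct { volatile uint32_t len; uint8_t data[64]; } user_req;

/* Hypothetical hook: plays the second thread that rewrites the request
   between the handler's reads, making the race deterministic. */
typedef void (*racer_fn)(user_req *);

static void grow_len(user_req *u) { u->len = 64; }

/* Double fetch: len is read from user memory twice. The copy itself is
   replaced by arithmetic so this demo never corrupts memory; the return
   value is how many bytes the copy would write past the allocation. */
size_t overrun_double_fetch(user_req *u, racer_fn racer) {
    uint32_t alloc_len = u->len;            /* fetch 1: validate and size */
    if (alloc_len > MAX_LEN) return 0;      /* request rejected */
    if (racer) racer(u);                    /* user memory changes here */
    uint32_t copy_len = u->len;             /* fetch 2: trusted unchecked */
    return copy_len > alloc_len ? copy_len - alloc_len : 0;
}

/* Single fetch: capture len once into a local, then validate, size and
   copy using only the captured value. Returns bytes copied, or -1. */
long copy_single_fetch(user_req *u, racer_fn racer,
                       uint8_t *dst, size_t dst_cap) {
    uint32_t len = u->len;                  /* the only read of len */
    if (len > MAX_LEN || len > dst_cap) return -1;
    if (racer) racer(u);                    /* later changes are ignored */
    memcpy(dst, u->data, len);
    return (long)len;
}

int main(void) {
    user_req a = { .len = 16 }, b = { .len = 16 };
    uint8_t dst[MAX_LEN];
    size_t over = overrun_double_fetch(&a, grow_len);
    long copied = copy_single_fetch(&b, grow_len, dst, sizeof dst);
    return (over == 48 && copied == 16) ? 0 : 1;
}
```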
Recommended Executive Action
Ensure all endpoints running Avast (or Gen Digital products sharing the same driver) are updated to version 25.2.9898.0 or later. Verify that your endpoint management systems are successfully pushing these updates to all remote workers.
