CVE-2020-25289
MEDIUMAVAST SecureLine VPN < 5.6.4982.470 - Arbitrary File Write via Symbolic Link
Title source: llmDescription
The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions).
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
Scores
CVSS v3
5.5
EPSS
0.0045
EPSS Percentile
35.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-59
Status
published
Products (1)
avast/secureline_vpn
< 5.6.4982.470
Published
Sep 13, 2020
Tracked Since
Feb 18, 2026