cve/2020/CVE-2020-25289.md

### [CVE-2020-25289](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25289)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions).

### POC

#### Reference
- http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
- http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2020-25289](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25289)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions).`

			`### POC`

			`#### Reference`
			`- http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html`
Update CVE sources 2024-06-09 00:33 2024-06-09 00:33:16 +00:00			`- http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00
			`#### Github`
			`No PoCs found on GitHub currently.`