Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-7073

Опубликовано: 10 дек. 2025
Источник: nvd
CVSS3: 7.8
EPSS Низкий

Описание

A local privilege escalation vulnerability in Bitdefender Total Security 27.0.46.231 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:bitdefender:antivirus:*:*:*:*:free:*:*:*
Версия до 30.0.25.77 (исключая)
cpe:2.3:a:bitdefender:antivirus_plus:*:*:*:*:*:*:*:*
Версия до 27.10.45.497 (исключая)
cpe:2.3:a:bitdefender:endpoint_security_tools:*:*:*:*:*:windows:*:*
Версия до 7.9.20.515 (исключая)
cpe:2.3:a:bitdefender:internet_security:*:*:*:*:*:*:*:*
Версия до 27.10.45.497 (исключая)
cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:*
Версия до 27.10.45.497 (исключая)

EPSS

Процентиль: 5%
0.00021
Низкий

7.8 High

CVSS3

Дефекты

CWE-59

Связанные уязвимости

github логотип

GHSA-9247-4234-vwrq

CVSS3: 7.8
github
около 2 месяцев назад

A local privilege escalation vulnerability in Bitdefender Total Security 27.0.46.231 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user.

EPSS

Процентиль: 5%
0.00021
Низкий

7.8 High

CVSS3

Дефекты

CWE-59