8.8
CVE-2025-7073
- EPSS 0.03%
- Published 10.12.2025 09:46:40
- Last modified 12.12.2025 15:18:42
- Source cve-requests@bitdefender.com
A local privilege escalation vulnerability in Bitdefender Total Security 27.0.46.231 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as an elevated user.
Linked by AI from unstructured data to existing CPEs in the NVD.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).

| Vendor | Product | Default Status | Version < | Version | Status |
|---|---|---|---|---|---|
| Bitdefender | Total Security | unaffected | 27.10.45.497 | 0 | affected |
| Bitdefender | Internet Security | unaffected | 27.10.45.497 | 0 | affected |
| Bitdefender | Antivirus Plus | unaffected | 27.10.45.497 | 0 | affected |

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.083 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cve-requests@bitdefender.com | 8.8 | 0 | 0 | CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |

CWE-59 Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.