CVE-2025-7073
🟡 Monitor
A privilege escalation in Bitdefender Total Security allows attackers to elevate privileges.
CVSS
7.8
EPSS
0.0%
Exploit
none
Vendor
bitdefender
Source description (NVD)
A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user.
privilege-escalation
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 7.8 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploit probability) | 0.0% |
| Published (NVD) | 2025-12-10 10:16:02 UTC |
| Last modified (NVD) | 2026-03-31 12:16:26 UTC |
References
- https://www.bitdefender.com/support/security-advisories/local-privilege-escalation-via-arbitrary-file-operation-in-bitdefender-atc-va-12590 (cve-requests@bitdefender.com) [Vendor Advisory]