CVE-2025-7073
HIGH EPSS 3.7%
Published Dec 10, 20256mo ago · Modified Jun 17, 20261w ago
8.8 CVSS 4.0
Published Dec 10, 2025 6mo ago
Last Modified Jun 17, 2026 1w ago
Description
A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope X
Threat Intelligence
EPSS Exploit Probability
3.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-59
Affected Products 5
| Vendor | Product | Version | Range |
|---|---|---|---|
| bitdefender | antivirus | * | <30.0.25.77 |
| bitdefender | antivirus_plus | * | <27.0.47.241 |
| bitdefender | endpoint_security_tools | * | <7.9.20.515 |
| bitdefender | internet_security | * | <27.0.47.241 |
| bitdefender | total_security | * | <27.0.47.241 |
References 1
- bitdefender.com https://www.bitdefender.com/support/security-advisories/local-privilege-escalation-via-arbitrary-file-operation-in-bitdefender-atc-va-12590
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.