{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-7073","assignerOrgId":"b3d5ebe7-963e-41fb-98e1-2edaeabb8f82","state":"PUBLISHED","assignerShortName":"Bitdefender","dateReserved":"2025-07-04T15:58:42.058Z","datePublished":"2025-12-10T09:46:40.263Z","dateUpdated":"2026-03-31T11:43:59.146Z"},"containers":{"cna":{"providerMetadata":{"orgId":"b3d5ebe7-963e-41fb-98e1-2edaeabb8f82","shortName":"Bitdefender","dateUpdated":"2026-03-31T11:43:59.146Z"},"title":"Local Privilege Escalation via Arbitrary File Operation in Bitdefender Total Security","datePublic":"2025-12-10T09:36:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-59","description":"CWE-59 Improper Link Resolution Before File Access ('Link Following')","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-132","descriptions":[{"lang":"en","value":"CAPEC-132 Symlink Attack"}]}],"affected":[{"vendor":"Bitdefender","product":"Total Security","platforms":["Windows"],"versions":[{"status":"affected","version":"0","lessThan":"27.0.47.241","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Bitdefender","product":"Internet Security","platforms":["Windows"],"versions":[{"status":"affected","version":"0","lessThan":"27.0.47.241","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Bitdefender","product":"Antivirus Plus","versions":[{"status":"affected","version":"0","lessThan":"27.0.47.241","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\\ProgramData\\Atc\\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user.","supportingMedia":[{"type":"text/html","base64":false,"value":"A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241&nbsp;allows low-privileged attackers to elevate privileges. The issue arises from <code>bdservicehost.exe</code>&nbsp;deleting files from a user-writable directory (<code>C:\\ProgramData\\Atc\\Feedback</code>) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user."}]}],"references":[{"url":"https://www.bitdefender.com/support/security-advisories/local-privilege-escalation-via-arbitrary-file-operation-in-bitdefender-atc-va-12590"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","version":"4.0","baseSeverity":"HIGH","baseScore":8.8,"vectorString":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"}}],"solutions":[{"lang":"en","value":"An automatic update to product version 27.0.47.241 fixes the issue","supportingMedia":[{"type":"text/html","base64":false,"value":"An automatic update to product version 27.0.47.241&nbsp;fixes the issue"}]}],"credits":[{"lang":"en","value":"Filip Dragovic (@filip_dragovic)","type":"finder"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-7073","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-12-11T04:55:19.145047Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T16:21:06.522Z"}}]}}