CVE-2025-32780

Source
https://cve.org/CVERecord?id=CVE-2025-32780
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32780.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-32780
Aliases
  • GHSA-ghph-v4x4-vr3c
Published
2025-04-15T16:32:55.622Z
Modified
2026-04-10T05:25:13.206714Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
BleachBit for Windows Has DLL Untrusted Path Vulnerability
Details

BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to DLL hijacking. By placing a malicious DLL named uuid.dll in the folder C:\Users\<username>\AppData\Local\Microsoft\WindowsApps\, an attacker can execute arbitrary code every time BleachBit is run. This issue has been patched in version 4.9.0.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/32xxx/CVE-2025-32780.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-427"
    ]
}
References

Affected packages

Git / github.com/bleachbit/bleachbit

Affected ranges

Type
GIT
Repo
https://github.com/bleachbit/bleachbit
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v1.*
v1.0
v1.1
v1.10
v1.12
v1.17
v1.19
v1.2
v1.3
v1.4
v1.6
v1.7.7
v1.8
v1.9.2
v1.9.3
v1.9.4
v2.*
v2.0
v2.3
v3.*
v3.0
v3.1.0
v3.2.0
v3.9.0
v3.9.2
v4.*
v4.0.0
v4.1.0
v4.2.0
v4.3.0
v4.4.0
v4.4.1
v4.4.2
v4.5.0
v4.5.1
v4.6.0
v4.6.1
v4.6.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32780.json"