CVE-2025-7073

Source
https://cve.org/CVERecord?id=CVE-2025-7073
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7073.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-7073
Published
2025-12-10T10:16:02.330Z
Modified
2026-03-13T03:50:35.991476Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

A local privilege escalation vulnerability in Bitdefender Total Security 27.0.46.231 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as an elevated user.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "30.0.25.77"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "27.10.45.497"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "7.9.20.515"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "27.10.45.497"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "27.10.45.497"
            }
        ]
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7073.json"