CVE-2025-7073
BaseFortify
Publication date: 2025-12-10
Last updated on: 2026-03-31
Assigner: Bitdefender
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bitdefender | total_security | 27.0.46.231 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a local privilege escalation issue in Bitdefender Total Security 27.0.46.231. It occurs because the process bdservicehost.exe deletes files from a user-writable directory (C:\ProgramData\Atc\Feedback) without properly validating symbolic links. This flaw allows a low-privileged attacker to create symbolic links that cause arbitrary files to be deleted. The vulnerability is further exploited through a chain involving a file copy operation during network events and a filter driver bypass via DLL injection, ultimately enabling arbitrary file copy and code execution with elevated privileges.
How can this vulnerability impact me? :
This vulnerability can allow an attacker with low privileges on the affected system to escalate their privileges to a higher level, potentially gaining administrative or system-level access. This could lead to unauthorized file deletion, arbitrary file copying, and execution of malicious code with elevated rights, compromising the security and integrity of the system.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves checking for the presence of vulnerable versions of Bitdefender products, specifically versions earlier than 27.0.46.231 for Total Security. Additionally, monitoring the directory C:\ProgramData\Atc\Feedback for suspicious symbolic links or unexpected file deletions can indicate exploitation attempts. Commands to list symbolic links in that directory on Windows PowerShell include: Get-ChildItem -Path 'C:\ProgramData\Atc\Feedback' -Recurse | Where-Object { $_.LinkType -ne $null } To check the version of Bitdefender Total Security installed, use: Get-ItemProperty 'HKLM:\Software\Bitdefender\Product' | Select-Object -ExpandProperty Version [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update Bitdefender products to the fixed versions: Bitdefender Total Security, Internet Security, and Antivirus Plus to version 27.10.45.497 or later; Antivirus Free to version 30.0.25.77 or later; and Endpoint Security Tools for Windows to version 7.9.20.515 or later. Applying these updates will resolve the vulnerability by fixing the improper symbolic link validation and preventing arbitrary file deletion and privilege escalation. [1]