CVE-2025-67905
Insecure Log Deletion in Malwarebytes AdwCleaner Enables Privilege Escalation
Publication date: 2026-02-17
Last updated on: 2026-02-17
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| malwarebytes | adwcleaner | before 8.7.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-67905 is a privilege escalation vulnerability in Malwarebytes AdwCleaner versions prior to 8.7.0. The application runs with Administrator privileges and performs an insecure log file deletion operation where the target file path is user-controllable.
This flaw allows a non-administrative user to create a symbolic link that points to a sensitive system file or location. By doing so, the attacker can trick the application into deleting or modifying files it normally should not, enabling them to escalate their privileges to SYSTEM level.
The vulnerability is related to improper privilege management and is classified under CWE-269.
How can this vulnerability impact me?
This vulnerability allows a local non-administrative user to escalate their privileges to SYSTEM level on the affected machine.
With SYSTEM privileges, an attacker can gain full control over the system, potentially leading to unauthorized access, data manipulation, installation of malicious software, or disruption of system operations.
The attack requires local access and relies on manipulating symbolic links to abuse the insecure file deletion, so it poses a high-severity risk in environments where untrusted users have access.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves Malwarebytes AdwCleaner versions prior to 8.7.0 running as Administrator and performing an insecure log file deletion operation where the target location is user-controllable. Detection involves checking whether an affected version of AdwCleaner is installed and looking for suspicious symbolic links, created by non-admin users, that point to sensitive system files.
Suggested commands and checks for detecting potential exploitation attempts, or the presence of symbolic links in the log file deletion path, include:
- On Windows, use PowerShell to find symbolic links in the relevant directories: `Get-ChildItem -Path <log_file_directory> -Recurse -Attributes ReparsePoint`
- Check the version of Malwarebytes AdwCleaner installed: open Malwarebytes AdwCleaner and verify that the version number is 8.7.0 or later, or use the command line to check installed programs.
- Monitor for unusual file creation or symbolic link creation by non-admin users in the directories used by AdwCleaner for log files.
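The two checks above can be combined into one audit script. This is an added example, not code from this page or from Malwarebytes. The script and its parameter names are hypothetical, both paths must be supplied by the operator because the page names neither, and it assumes the executable carries a version resource.

```powershell
# Added example: audit a host for exposure to CVE-2025-67905.
# Assumption: both paths are operator-supplied; the page names neither.
param(
    [Parameter(Mandatory)] [string] $LogDirectory,   # directory AdwCleaner writes its logs to
    [Parameter(Mandatory)] [string] $AdwCleanerExe   # full path to the AdwCleaner executable
)

$fixed = [version]'8.7.0'   # first patched release according to the advisory

# 1. Version check. Assumption: the executable has a version resource to read.
$raw = (Get-Item -LiteralPath $AdwCleanerExe).VersionInfo.ProductVersion
if ($raw -match '\d+(\.\d+){1,3}') {
    $installed = [version]$Matches[0]
    $state = if ($installed -lt $fixed) { 'VULNERABLE' } else { 'patched' }
} else {
    $installed = $null
    $state = 'unknown (no version resource)'
}
[pscustomobject]@{ Check = 'Version'; Installed = $installed; FixedIn = $fixed; State = $state }

# 2. Reparse points. Get-ChildItem only lists children, so test the log
#    directory itself as well: it can be a junction or symbolic link too.
$root  = (Get-Item -LiteralPath $LogDirectory -Force).FullName.TrimEnd('\') + '\'
$items = @(Get-Item -LiteralPath $LogDirectory -Force) +
         @(Get-ChildItem -LiteralPath $LogDirectory -Recurse -Force `
               -Attributes ReparsePoint -ErrorAction SilentlyContinue)

$items |
    Where-Object { $_.Attributes -band [IO.FileAttributes]::ReparsePoint } |
    ForEach-Object {
        $target = $_.Target -join ';'   # string[] in Windows PowerShell 5.1, string in 7+
        [pscustomobject]@{
            Check         = 'ReparsePoint'
            Path          = $_.FullName
            LinkType      = $_.LinkType
            Target        = $target
            CreatedUtc    = $_.CreationTimeUtc
            # Conservative: relative or unresolved targets are also reported as outside.
            OutsideLogDir = -not $target.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)
        }
    }
```

Any `ReparsePoint` row with `OutsideLogDir` set to `True` deserves review before AdwCleaner is run again on that host.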
What immediate steps should I take to mitigate this vulnerability?
The primary and recommended mitigation step is to upgrade Malwarebytes AdwCleaner to version 8.7.0 or later, where this privilege escalation vulnerability has been patched.
Until the upgrade can be applied, restrict non-administrative users from creating files or symbolic links in the directories used by AdwCleaner for log files to prevent exploitation.