CVE-2025-67905
Received Received - Intake
Insecure Log Deletion in Malwarebytes AdwCleaner Enables Privilege Escalation

Publication date: 2026-02-17

Last updated on: 2026-02-17

Assigner: MITRE

Description
Malwarebytes AdwCleaner before v.8.7.0 runs as Administrator and performs an insecure log file delete operation in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link, a related issue to CVE-2023-28892. To exploit this, an attacker must create a file in a given folder path and intercept the application log file deletion flow.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-17
Last Modified
2026-02-17
Generated
2026-06-16
AI Q&A
2026-02-17
EPSS Evaluated
2026-06-15
NVD
CVE-2025-67905
EUVD
EUVD-2025-207699
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
malwarebytes adwcleaner to 8.7.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-67905 is a privilege escalation vulnerability in Malwarebytes AdwCleaner versions prior to 8.7.0. The application runs with Administrator privileges and performs an insecure log file deletion operation where the target file path is user-controllable.

This flaw allows a non-administrative user to create a symbolic link that points to a sensitive system file or location. By doing so, the attacker can trick the application into deleting or modifying files it normally should not, enabling them to escalate their privileges to SYSTEM level.

The vulnerability is related to improper privilege management and is classified under CWE-269.

Impact Analysis

This vulnerability allows a local non-administrative user to escalate their privileges to SYSTEM level on the affected machine.

With SYSTEM privileges, an attacker can gain full control over the system, potentially leading to unauthorized access, data manipulation, installation of malicious software, or disruption of system operations.

Because the attack requires local access and involves manipulating symbolic links to exploit insecure file deletion, it poses a high severity risk in environments where untrusted users have access.

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves Malwarebytes AdwCleaner versions prior to 8.7.0 running as Administrator and performing an insecure log file deletion operation where the target location is user-controllable. Detection would involve checking if an affected version of AdwCleaner is installed and looking for suspicious symbolic links created by non-admin users that point to sensitive system files.

Suggested commands to detect potential exploitation attempts or presence of symbolic links in the log file deletion path include:

  • On Windows, use PowerShell to find symbolic links in the relevant directories: Get-ChildItem -Path <log_file_directory> -Recurse -Attributes ReparsePoint
  • Check the version of Malwarebytes AdwCleaner installed: Open Malwarebytes AdwCleaner and verify the version number is 8.7.0 or later, or use command line to check installed programs.
  • Monitor for unusual file creation or symbolic link creation by non-admin users in the directories used by AdwCleaner for log files.
Mitigation Strategies

The primary and recommended mitigation step is to upgrade Malwarebytes AdwCleaner to version 8.7.0 or later, where this privilege escalation vulnerability has been patched.

Until the upgrade can be applied, restrict non-administrative users from creating files or symbolic links in the directories used by AdwCleaner for log files to prevent exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67905. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart