CVE-2025-66680
Received Received - Intake
Arbitrary File Deletion in WiseCleaner Wise Force Deleter

Publication date: 2026-03-03

Last updated on: 2026-03-05

Assigner: MITRE

Description
An issue in the WiseDelfile64.sys component of WiseCleaner Wise Force Deleter 7.3.2 and earlier allows attackers to delete arbitrary files via a crafted request.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-03
Last Modified
2026-03-05
Generated
2026-06-16
AI Q&A
2026-03-03
EPSS Evaluated
2026-06-15
NVD
CVE-2025-66680
EUVD
EUVD-2025-208237
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wisecleaner wise_force_deleter to 1.5.7.59 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-59 The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-66680 is a vulnerability in the WiseDelfile64.sys component of WiseCleaner Wise Force Deleter version 7.3.2 and earlier. This vulnerability allows attackers to delete arbitrary files on a Windows system by sending a specially crafted request to the vulnerable driver.

Wise Force Deleter is a utility designed to forcibly unlock and delete files that are otherwise undeletable due to access restrictions or being in use by other processes. The vulnerability can be exploited by an attacker with local administrator privileges who can place the driver file in the Windows directory and execute a crafted binary to delete specified files.

Impact Analysis

This vulnerability can allow an attacker with local administrator access to delete arbitrary files on your system, including critical system files. This can lead to system instability, denial of service, or loss of important data.

Because the attacker can delete files that are normally protected or in use, it bypasses typical Windows file access restrictions, increasing the risk of damage or disruption.

Compliance Impact

I don't know

Detection Guidance

Detection of this vulnerability involves checking for the presence and use of the vulnerable WiseDelfile64.sys driver and the Wise Force Deleter application version 1.5.7.59 or earlier on the system.

One approach is to verify if the driver file WiseDelfile64.sys exists in the C:\Windows directory, as the exploit involves placing this driver there.

Additionally, monitoring for suspicious execution of binaries that attempt to delete arbitrary files, especially those run with administrator privileges, can help detect exploitation attempts.

Specific commands that may assist in detection include:

  • Using PowerShell or Command Prompt to check for the driver file: `dir C:\Windows\WiseDelfile64.sys`
  • Listing loaded drivers to see if WiseDelfile64.sys is active: `sc queryex WiseDelfile64` or `driverquery | findstr WiseDelfile64`
  • Checking installed software versions to identify if Wise Force Deleter 1.5.7.59 or earlier is present.
Mitigation Strategies

Immediate mitigation steps include removing or updating the vulnerable Wise Force Deleter software to a version later than 1.5.7.59 that does not contain the vulnerability.

Ensure that the WiseDelfile64.sys driver is not present in the C:\Windows directory or is not loaded as a driver.

Restrict local administrator privileges to trusted users only, as exploitation requires local admin rights.

Monitor and audit file deletion activities, especially those initiated by Wise Force Deleter or related processes.

If possible, uninstall Wise Force Deleter until a secure version is available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-66680. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart