Local Privilege Escalation via Arbitrary File Operation in Bitdefender Total...

8.8 / 10

HIGH

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

A local privilege escalation vulnerability in Bitdefender Total Security 27.0.46.231 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user.

AI Analysis

Local privilege escalation vulnerability in Bitdefender Total Security via arbitrary file operation

Basic Information

ID CVE-2025-7073

Source Bitdefender

Published Dec 10, 2025 at 09:46

Affected Product

Vendor Bitdefender

Product Total Security

Version 27.0.46.231

Affected Versions Bitdefender Total Security 0
Bitdefender Internet Security 0
Bitdefender Antivirus Plus 0

CWE Classification

CWE-59

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Bitdefender

Product Bitdefender Total Security

Version 27.0.46.231

References

www.bitdefender.com /support/security-advisories/local-privilege-escalation-via-arbitrary-file-operation-in-bitdefender-atc-va-12590

{
    "lastseen": "",
    "description": "A local privilege escalation vulnerability in Bitdefender Total Security 27.0.46.231 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe\u00a0deleting files from a user-writable directory (C:\\ProgramData\\Atc\\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user.",
    "published": "2025-12-10T09:46:40.263Z",
    "modified": "2025-12-10T09:46:40.263Z",
    "type": "cve",
    "title": "Local Privilege Escalation via Arbitrary File Operation in Bitdefender Total Security",
    "source": "Bitdefender",
    "references": "https://www.bitdefender.com/support/security-advisories/local-privilege-escalation-via-arbitrary-file-operation-in-bitdefender-atc-va-12590",
    "id": "CVE-2025-7073",
    "bulletinFamily": "",
    "cwe": [
        "CWE-59"
    ],
    "cvelist": null,
    "sourceData": "Bitdefender Total Security 0\nBitdefender Internet Security 0\nBitdefender Antivirus Plus 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Total Security",
    "version": "27.0.46.231",
    "vendor": "Bitdefender",
    "ai_description": "Local privilege escalation vulnerability in Bitdefender Total Security via arbitrary file operation",
    "ai_severity": "High",
    "ai_vendor": "Bitdefender",
    "ai_product": "Bitdefender Total Security",
    "ai_version": "27.0.46.231",
    "ai_score": 8.8
}

Local Privilege Escalation via Arbitrary File Operation in Bitdefender Total Security_CVE-2025-7073