High severity7.3NVD Advisory· Published Apr 15, 2025· Updated Apr 15, 2026

CVE-2025-32780

Description

BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. By placing a malicious DLL with the name uuid.dll in the folder C:\Users\<username>\AppData\Local\Microsoft\WindowsApps\, an attacker can execute arbitrary code every time BleachBit is run. This issue has been patched in version 4.9.0.

Patches

5d4bcfd12dff

https://github.com/bleachbit/bleachbitvia osv

dafeba57dcb1

https://github.com/bleachbit/bleachbitvia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/bleachbit/bleachbit/commit/dafeba57dcb14c7ec4a97224ff1408f6b0c2a7f8nvd
github.com/bleachbit/bleachbit/security/advisories/GHSA-ghph-v4x4-vr3cnvd

News mentions

No linked articles in our index yet.

cvss	0.474
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000