High severity (7.8) · NVD Advisory · Published Dec 10, 2025 · Updated May 18, 2026
CVE-2025-7073
Description
A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as an elevated user.
Affected products (9)
cpe:2.3:a:bitdefender:antivirus_plus:*:*:*:*:*:*:*:* (+ 1 more)
- cpe:2.3:a:bitdefender:antivirus_plus:*:*:*:*:*:*:*:* range: <27.0.47.241
- (no CPE) range: 0
- cpe:2.3:a:bitdefender:endpoint_security_tools:*:*:*:*:*:windows:*:* range: <7.9.20.515
cpe:2.3:a:bitdefender:internet_security:*:*:*:*:*:*:*:* (+ 1 more)
- cpe:2.3:a:bitdefender:internet_security:*:*:*:*:*:*:*:* range: <27.0.47.241
- (no CPE) range: 0
cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:* (+ 2 more)
- cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:* range: <27.0.47.241
- (no CPE) range: <27.0.47.241
- (no CPE) range: 0