CVE-2025-7073
Description
A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Bitdefender Total Security prior to 27.0.47.241 lets low-privileged users delete arbitrary files via unvalidated symlinks, chained with copy and DLL injection for local privilege escalation.
Vulnerability Overview
CVE-2025-7073 is a local privilege escalation vulnerability in Bitdefender's Active Threat Control (ATC) module, affecting Total Security, Internet Security, Antivirus Plus, Antivirus Free, and Endpoint Security Tools for Windows prior to specific patched versions [1]. The root cause is that bdservicehost.exe deletes files from the user-writable directory C:\ProgramData\Atc\Feedback without validating symbolic links, allowing a low-privileged attacker to delete arbitrary files on the system [1].
Exploitation Chain
Exploitation requires local access and low privileges. The attacker first leverages the unvalidated symlink deletion to remove a critical file. This is chained with a file copy operation that occurs during network events, combined with a filter driver bypass achieved via DLL injection [1]. The chain ultimately enables arbitrary file copy and code execution at an elevated privilege level [1].
Impact
A successful attack allows a low-privileged user to gain elevated privileges, potentially leading to full system compromise, including arbitrary code execution with high integrity [1]. The CVSS v4.0 score is 7.8 (High), reflecting the high impact on confidentiality, integrity, and availability [1].
Mitigation
Bitdefender has addressed the issue in automatic updates to the following product versions: Bitdefender Total Security, Internet Security, and Antivirus Plus version 27.0.47.241; Antivirus Free version 30.0.25.77; and Endpoint Security Tools for Windows version 7.9.20.515 [1]. Users should ensure their software is updated to these or later versions.
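To check a fleet against the fixed versions listed above, the following added example (not Bitdefender's or this page's own code) triages a software inventory. The host names and inventory rows are constructed sample data; only the product names and fixed versions come from the advisory text.

```python
# Fixed versions as stated in the Mitigation paragraph of this advisory.
FIXED_VERSIONS = {
    "Total Security": "27.0.47.241",
    "Internet Security": "27.0.47.241",
    "Antivirus Plus": "27.0.47.241",
    "Antivirus Free": "30.0.25.77",
    "Endpoint Security Tools for Windows": "7.9.20.515",
}

def parse_version(text):
    """Turn '27.0.47.241' into (27, 0, 47, 241) so fields compare numerically."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def status(product, installed):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory row."""
    fixed = FIXED_VERSIONS.get(product)
    if fixed is None:
        return "unknown"  # product not covered by this advisory
    try:
        have = parse_version(installed)
    except ValueError:
        return "unknown"  # unparseable version: needs manual review
    want = parse_version(fixed)
    # Pad the shorter tuple with zeros so '27.0.50' compares as '27.0.50.0'.
    width = max(len(have), len(want))
    have += (0,) * (width - len(have))
    want += (0,) * (width - len(want))
    return "patched" if have >= want else "vulnerable"

def triage(rows):
    """rows: iterable of (host, product, installed_version) tuples."""
    return [(h, p, v, status(p, v)) for h, p, v in rows]

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("ws-01", "Total Security", "27.0.47.99"),   # a string compare would wrongly pass this
    ("ws-02", "Total Security", "27.0.47.241"),
    ("ws-03", "Antivirus Free", "30.0.25.77"),
    ("srv-01", "Endpoint Security Tools for Windows", "7.9.20.514"),
    ("ws-04", "Antivirus Plus", "27.0.50"),
    ("ws-05", "Total Security", "unknown"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(*row, sep="\t")
```

Rows reported as `unknown` are ones the script cannot decide on, so they should be reviewed by hand rather than assumed patched.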
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <27.0.47.241
- Bitdefender/Antivirus Plus, v5, Range: 0
- Bitdefender/Internet Security, v5, Range: 0
- Bitdefender/Total Security, v5, Range: 0
Patches
No patches discovered yet.
References