High severity · 7.8 · NVD Advisory · Published Dec 10, 2025 · Updated May 18, 2026

CVE-2025-7073

Description

A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as an elevated user.

Affected products

9
  • cpe:2.3:a:bitdefender:antivirus:*:*:*:*:free:*:*:*
    Range: <30.0.25.77
  • cpe:2.3:a:bitdefender:antivirus_plus:*:*:*:*:*:*:*:* (+ 1 more)
    • cpe:2.3:a:bitdefender:antivirus_plus:*:*:*:*:*:*:*:*
      Range: <27.0.47.241
    • (no CPE)
      Range: 0
  • cpe:2.3:a:bitdefender:endpoint_security_tools:*:*:*:*:*:windows:*:*
    Range: <7.9.20.515
  • cpe:2.3:a:bitdefender:internet_security:*:*:*:*:*:*:*:* (+ 1 more)
    • cpe:2.3:a:bitdefender:internet_security:*:*:*:*:*:*:*:*
      Range: <27.0.47.241
    • (no CPE)
      Range: 0
  • cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:* (+ 2 more)
    • cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:*
      Range: <27.0.47.241
    • (no CPE)
      Range: <27.0.47.241
    • (no CPE)
      Range: 0
