CVE-2025-7073

HIGH

Bitdefender Antivirus < 30.0.25.77 - Symlink Following

Title source: rule

Description

A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user.

References (1)

[Vendor Advisory] https://www.bitdefender.com/support/security-advisories/local-privilege-escalation-via-arbitrary-file-operation-in-bitdefender-atc-va-12590

Scores

CVSS v3 7.8

EPSS 0.0003

EPSS Percentile 8.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-59

Status published

Products (8)

bitdefender/antivirus < 30.0.25.77

Bitdefender/Antivirus Plus < 27.0.47.241

bitdefender/antivirus_plus < 27.10.45.497

bitdefender/endpoint_security_tools < 7.9.20.515

Bitdefender/Internet Security < 27.0.47.241

bitdefender/internet_security < 27.10.45.497

Bitdefender/Total Security < 27.0.47.241

bitdefender/total_security < 27.10.45.497

Published Dec 10, 2025

Tracked Since Feb 18, 2026