cvedb.io
CVE-2025-7073
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2025-12-10T10:16:02.330 · Last modified 2026-06-17T10:04:12.380

Summary

A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user.

Affected products

bitdefender — antivirus

Does this affect you?

Add your gear to cvedb and we'll alert you only when bitdefender ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.