CVE-2025-3025

HIGH 7.3

CCleaner Link Following Local Privilege Escalation Vulnerability

CVSS Score

7.3

EPSS Score

0.0%

EPSS Percentile

0th

Elevation of Privileges in the cleaning feature of Gen Digital CCleaner version 6.33.11465 on Windows allows a local user to gain SYSTEM privileges via exploiting insecure file delete operations. Reported in CCleaner v. 6.33.11465. This issue affects CCleaner: before < 6.36.11508.

CWE	CWE-552
Vendor	gen digital
Product	ccleaner
Published	Sep 15, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for gen digital ccleaner

Be the first to know when new high vulnerabilities affecting gen digital ccleaner are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Gen Digital / CCleaner

6.33.11465 < < 6.36.11508

References

NVD ↗ CVE.org ↗ EPSS Data ↗

gendigital.com: https://www.gendigital.com/us/en/contact-us/security-advisories/

Credits

Dong-uk Kim (@justlikebono) Trend Micro, the Zero Day Initiative (ZDI) ZDI-CAN-26474