🔐 CVE Alert

CVE-2025-7073

UNKNOWN 0.0

Local Privilege Escalation via Arbitrary File Operation in Bitdefender Total Security

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 6th

A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as an elevated user.

CWE: CWE-59
Vendor: bitdefender
Product: total security
Published: Dec 10, 2025
Last Updated: Mar 31, 2026

Affected Versions

Bitdefender / Total Security: 0 < 27.0.47.241
Bitdefender / Internet Security: 0 < 27.0.47.241
Bitdefender / Antivirus Plus: 0 < 27.0.47.241

References

bitdefender.com: https://www.bitdefender.com/support/security-advisories/local-privilege-escalation-via-arbitrary-file-operation-in-bitdefender-atc-va-12590

Credits

Filip Dragovic (@filip_dragovic)