Malicious Loader in CCleaner and CCleaner Cloud by Avast Exposes Users to Data Theft
CVE-2017-20201

9.3CRITICAL

Key Information:

Vendor

Piriform

Status
Ccleaner
Ccleaner Cloud
Vendor
CVE Published:
8 October 2025

What is CVE-2017-20201?

A vulnerability in CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 involved a pre-entry-point loader that redirected program execution, allowing the injection of malicious code. This code decoded an embedded payload and executed it in memory, enabling remote data collection and potential lateral movement within networks. Analysis reveals that the payload was designed to evade detection through various anti-analysis checks and attempted to exfiltrate sensitive user data to predefined command and control servers via HTTPS. The affected versions were swiftly remediated with subsequent releases, addressing the security flaws present.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

CCleaner Cloud Windows 1.07.3191

CCleaner Windows 5.33.6162

References

https://blog.avast.com/update-to-the-ccleaner-5.33.6162-s...
vendor-advisory
https://blog.avast.com/progress-on-ccleaner-investigation
vendor-advisory
https://www.ccleaner.com/
product

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Morphisec
Cisco Talos
JSON
.