Malicious Loader in CCleaner and CCleaner Cloud by Avast Exposes Users to Data Theft
CVE-2017-20201

9.3 CRITICAL

Key Information:

Vendor

Piriform

CVE Published:
8 October 2025

What is CVE-2017-20201?

CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 contained a pre-entry-point loader that redirected program execution, allowing malicious code to be injected. This code decoded an embedded payload and executed it in memory, enabling remote data collection and potential lateral movement within networks. Analysis reveals that the payload was designed to evade detection through various anti-analysis checks and attempted to exfiltrate sensitive user data to predefined command-and-control servers via HTTPS. The affected versions were swiftly remediated by subsequent releases that addressed these security flaws.

Affected Version(s)

CCleaner Cloud Windows 1.07.3191

CCleaner Windows 5.33.6162

CVSS V4

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Morphisec
Cisco Talos