Local Privilege Escalation in Bitdefender Total Security by Bitdefender
CVE-2025-7073

8.8HIGH

Key Information:

Vendor: Bitdefender
Status: Total Security; Internet Security; Antivirus Plus
Vendor: CVE Published:; 10 December 2025

🔔 Create Bitdefender Vulnerability Alert

What is CVE-2025-7073?

A local privilege escalation vulnerability in Bitdefender Total Security allows low-privileged attackers to escalate their privileges. This vulnerability takes advantage of the bdservicehost.exe process, which improperly deletes files from a writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic link validation. Consequently, this oversight enables arbitrary file deletion. Furthermore, it can be exploited in conjunction with a file copy operation during network events and a filter driver bypass through DLL injection to allow arbitrary file copy and code execution with elevated privileges.

Affected Version(s)

Antivirus Plus 0 < 27.10.45.497

Internet Security Windows 0 < 27.10.45.497

Total Security Windows 0 < 27.10.45.497

References

https://www.bitdefender.com/support/security-advisories/l...

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2025
Vulnerability Reserved
Jul 4, 2025

Credit

Filip Dragovic (@filip_dragovic)

JSON