CVE-2025-7073

HIGH
Published Dec 10, 2025 Modified Mar 31, 2026 CWE-59

Description

A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user.

Is your site exposed to CVE-2025-7073?

Run a free security scan — no signup, results in seconds.

CVSS v3.1 Score

7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-59 CWE-59

Affected Products

Vendor Product
bitdefender antivirus
bitdefender antivirus_plus
bitdefender endpoint_security_tools
bitdefender internet_security
bitdefender total_security

References

Frequently Asked Questions

What is CVE-2025-7073? +
A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user. It has a CVSS v3.1 base score of 7.8 (HIGH).
How severe is CVE-2025-7073? +
CVE-2025-7073 has a CVSS v3.1 score of 7.8 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.
What products are affected by CVE-2025-7073? +
CVE-2025-7073 affects products from bitdefender, specifically: antivirus, antivirus_plus, endpoint_security_tools, internet_security, total_security. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2025-7073? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-7073 — free, no signup required.