Search criteria
5 vulnerabilities found for bleachbit by bleachbit
CVE-2025-32780 (GCVE-0-2025-32780)
Vulnerability from cvelistv5 – Published: 2025-04-15 16:32 – Updated: 2025-04-15 17:30
VLAI?
Title
BleachBit for Windows Has DLL Untrusted Path Vulnerability
Summary
BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. By placing a malicious DLL with the name uuid.dll in the folder C:\Users\<username>\AppData\Local\Microsoft\WindowsApps\, an attacker can execute arbitrary code every time BleachBit is run. This issue has been patched in version 4.9.0.
Severity ?
7.3 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T17:26:17.880247Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T17:30:02.744Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "bleachbit",
"vendor": "bleachbit",
"versions": [
{
"status": "affected",
"version": "\u003c 4.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. By placing a malicious DLL with the name uuid.dll in the folder C:\\Users\\\u003cusername\u003e\\AppData\\Local\\Microsoft\\WindowsApps\\, an attacker can execute arbitrary code every time BleachBit is run. This issue has been patched in version 4.9.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T16:32:55.622Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/bleachbit/bleachbit/security/advisories/GHSA-ghph-v4x4-vr3c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bleachbit/bleachbit/security/advisories/GHSA-ghph-v4x4-vr3c"
},
{
"name": "https://github.com/bleachbit/bleachbit/commit/dafeba57dcb14c7ec4a97224ff1408f6b0c2a7f8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bleachbit/bleachbit/commit/dafeba57dcb14c7ec4a97224ff1408f6b0c2a7f8"
}
],
"source": {
"advisory": "GHSA-ghph-v4x4-vr3c",
"discovery": "UNKNOWN"
},
"title": "BleachBit for Windows Has DLL Untrusted Path Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-32780",
"datePublished": "2025-04-15T16:32:55.622Z",
"dateReserved": "2025-04-10T12:51:12.278Z",
"dateUpdated": "2025-04-15T17:30:02.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47113 (GCVE-0-2023-47113)
Vulnerability from cvelistv5 – Published: 2023-11-08 21:57 – Updated: 2024-09-06 17:54
VLAI?
Title
DLL Search Order Hijacking vulnerability in BleachBit for Windows
Summary
BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the Folder c:\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been patched in version 4.5.0.
Severity ?
7.3 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:22.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/bleachbit/bleachbit/security/advisories/GHSA-j8jc-f6p7-55p8",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bleachbit/bleachbit/security/advisories/GHSA-j8jc-f6p7-55p8"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bleachbit:bleachbit:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bleachbit",
"vendor": "bleachbit",
"versions": [
{
"lessThanOrEqual": "4.4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47113",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T14:21:52.175996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T17:54:06.422Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "bleachbit",
"vendor": "bleachbit",
"versions": [
{
"status": "affected",
"version": "\u003c= 4.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the Folder c:\\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been patched in version 4.5.0.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-08T21:57:47.549Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/bleachbit/bleachbit/security/advisories/GHSA-j8jc-f6p7-55p8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bleachbit/bleachbit/security/advisories/GHSA-j8jc-f6p7-55p8"
}
],
"source": {
"advisory": "GHSA-j8jc-f6p7-55p8",
"discovery": "UNKNOWN"
},
"title": "DLL Search Order Hijacking vulnerability in BleachBit for Windows"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-47113",
"datePublished": "2023-11-08T21:57:47.549Z",
"dateReserved": "2023-10-30T19:57:51.674Z",
"dateUpdated": "2024-09-06T17:54:06.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32780 (GCVE-0-2025-32780)
Vulnerability from nvd – Published: 2025-04-15 16:32 – Updated: 2025-04-15 17:30
VLAI?
Title
BleachBit for Windows Has DLL Untrusted Path Vulnerability
Summary
BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. By placing a malicious DLL with the name uuid.dll in the folder C:\Users\<username>\AppData\Local\Microsoft\WindowsApps\, an attacker can execute arbitrary code every time BleachBit is run. This issue has been patched in version 4.9.0.
Severity ?
7.3 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T17:26:17.880247Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T17:30:02.744Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "bleachbit",
"vendor": "bleachbit",
"versions": [
{
"status": "affected",
"version": "\u003c 4.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. By placing a malicious DLL with the name uuid.dll in the folder C:\\Users\\\u003cusername\u003e\\AppData\\Local\\Microsoft\\WindowsApps\\, an attacker can execute arbitrary code every time BleachBit is run. This issue has been patched in version 4.9.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T16:32:55.622Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/bleachbit/bleachbit/security/advisories/GHSA-ghph-v4x4-vr3c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bleachbit/bleachbit/security/advisories/GHSA-ghph-v4x4-vr3c"
},
{
"name": "https://github.com/bleachbit/bleachbit/commit/dafeba57dcb14c7ec4a97224ff1408f6b0c2a7f8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bleachbit/bleachbit/commit/dafeba57dcb14c7ec4a97224ff1408f6b0c2a7f8"
}
],
"source": {
"advisory": "GHSA-ghph-v4x4-vr3c",
"discovery": "UNKNOWN"
},
"title": "BleachBit for Windows Has DLL Untrusted Path Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-32780",
"datePublished": "2025-04-15T16:32:55.622Z",
"dateReserved": "2025-04-10T12:51:12.278Z",
"dateUpdated": "2025-04-15T17:30:02.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47113 (GCVE-0-2023-47113)
Vulnerability from nvd – Published: 2023-11-08 21:57 – Updated: 2024-09-06 17:54
VLAI?
Title
DLL Search Order Hijacking vulnerability in BleachBit for Windows
Summary
BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the Folder c:\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been patched in version 4.5.0.
Severity ?
7.3 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:22.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/bleachbit/bleachbit/security/advisories/GHSA-j8jc-f6p7-55p8",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bleachbit/bleachbit/security/advisories/GHSA-j8jc-f6p7-55p8"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bleachbit:bleachbit:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bleachbit",
"vendor": "bleachbit",
"versions": [
{
"lessThanOrEqual": "4.4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47113",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T14:21:52.175996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T17:54:06.422Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "bleachbit",
"vendor": "bleachbit",
"versions": [
{
"status": "affected",
"version": "\u003c= 4.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the Folder c:\\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been patched in version 4.5.0.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-08T21:57:47.549Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/bleachbit/bleachbit/security/advisories/GHSA-j8jc-f6p7-55p8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bleachbit/bleachbit/security/advisories/GHSA-j8jc-f6p7-55p8"
}
],
"source": {
"advisory": "GHSA-j8jc-f6p7-55p8",
"discovery": "UNKNOWN"
},
"title": "DLL Search Order Hijacking vulnerability in BleachBit for Windows"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-47113",
"datePublished": "2023-11-08T21:57:47.549Z",
"dateReserved": "2023-10-30T19:57:51.674Z",
"dateUpdated": "2024-09-06T17:54:06.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2023-47113
Vulnerability from fkie_nvd - Published: 2023-11-08 22:15 - Updated: 2024-11-21 08:29
Severity ?
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the Folder c:\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been patched in version 4.5.0.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/bleachbit/bleachbit/security/advisories/GHSA-j8jc-f6p7-55p8 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bleachbit/bleachbit/security/advisories/GHSA-j8jc-f6p7-55p8 | Mitigation, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bleachbit:bleachbit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5DDC144-B02C-4A1D-B4A8-7DB844F2D1D8",
"versionEndIncluding": "4.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the Folder c:\\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been patched in version 4.5.0.\n"
},
{
"lang": "es",
"value": "BleachBit limpia archivos para liberar espacio en el disco y mantener la privacidad. BleachBit para Windows hasta la versi\u00f3n 4.4.2 es afectada por una vulnerabilidad de DLL Hijacking. Al colocar una DLL en la carpeta c:\\DLLs, un atacante puede ejecutar c\u00f3digo arbitrario en cada ejecuci\u00f3n de BleachBit para Windows. Este problema se solucion\u00f3 en la versi\u00f3n 4.5.0."
}
],
"id": "CVE-2023-47113",
"lastModified": "2024-11-21T08:29:48.247",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-08T22:15:10.843",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/bleachbit/bleachbit/security/advisories/GHSA-j8jc-f6p7-55p8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/bleachbit/bleachbit/security/advisories/GHSA-j8jc-f6p7-55p8"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}