certfr_avis - certfr-2025-avi-1089

CERTFR-2025-AVI-1089

Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans les produits Bitdefender. Elle permet à un attaquant de provoquer une élévation de privilèges et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Bitdefender	N/A	Internet Security Antivirus Plus versions antérieures à 27.0.46.231
Bitdefender	N/A	Antivirus Free versions antérieures à 30.0.25.77
Bitdefender	Total Security	Total Security versions antérieures à 27.10.45.497
Bitdefender	N/A	Endpoint Security Tools pour Windows versions antérieures à 7.9.20.515
Bitdefender	Total Security	Internet Security versions antérieures à 27.10.45.497
Bitdefender	N/A	Antivirus Plus versions antérieures à 27.10.45.497

References

Title

Publication Time

Tags

Bulletin de sécurité Bitdefender local-privilege-escalation-via-arbitrary-file-operation-in-bitdefender-atc-va-12590

2025-12-10

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Internet Security Antivirus Plus versions ant\u00e9rieures \u00e0 27.0.46.231",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Bitdefender",
          "scada": false
        }
      }
    },
    {
      "description": "Antivirus Free versions ant\u00e9rieures \u00e0 30.0.25.77",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Bitdefender",
          "scada": false
        }
      }
    },
    {
      "description": "Total Security versions ant\u00e9rieures \u00e0 27.10.45.497",
      "product": {
        "name": "Total Security",
        "vendor": {
          "name": "Bitdefender",
          "scada": false
        }
      }
    },
    {
      "description": "Endpoint Security Tools pour Windows versions ant\u00e9rieures \u00e0 7.9.20.515 ",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Bitdefender",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Security versions ant\u00e9rieures \u00e0 27.10.45.497",
      "product": {
        "name": "Total Security",
        "vendor": {
          "name": "Bitdefender",
          "scada": false
        }
      }
    },
    {
      "description": "Antivirus Plus versions ant\u00e9rieures \u00e0 27.10.45.497",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Bitdefender",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-7073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7073"
    }
  ],
  "initial_release_date": "2025-12-10T00:00:00",
  "last_revision_date": "2025-12-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1089",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-12-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Bitdefender. Elle permet \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Bitdefender",
  "vendor_advisories": [
    {
      "published_at": "2025-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Bitdefender local-privilege-escalation-via-arbitrary-file-operation-in-bitdefender-atc-va-12590",
      "url": "https://www.bitdefender.com/support/security-advisories/local-privilege-escalation-via-arbitrary-file-operation-in-bitdefender-atc-va-12590/"
    }
  ]
}

CVE-2025-7073 (GCVE-0-2025-7073)

Vulnerability from cvelistv5

Published

2025-12-10 09:46

Modified

2025-12-11 04:55

Severity ?

8.8 (High) - CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CWE

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Summary

A local privilege escalation vulnerability in Bitdefender Total Security 27.0.46.231 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user.

References

URL

Tags

https://www.bitdefender.com/support/security-advisories/local-privilege-escalation-via-arbitrary-file-operation-in-bitdefender-atc-va-12590

Impacted products

Vendor

Product

Version

Bitdefender

Total Security

Version: 0 < 27.10.45.497

	Bitdefender	Internet Security	Version: 0 < 27.10.45.497
	Bitdefender	Antivirus Plus	Version: 0 < 27.10.45.497

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7073",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-10T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-11T04:55:18.000Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Total Security",
          "vendor": "Bitdefender",
          "versions": [
            {
              "lessThan": "27.10.45.497",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Internet Security",
          "vendor": "Bitdefender",
          "versions": [
            {
              "lessThan": "27.10.45.497",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Antivirus Plus",
          "vendor": "Bitdefender",
          "versions": [
            {
              "lessThan": "27.10.45.497",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Filip Dragovic (@filip_dragovic)"
        }
      ],
      "datePublic": "2025-12-10T09:36:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A local privilege escalation vulnerability in Bitdefender Total Security 27.0.46.231 allows low-privileged attackers to elevate privileges. The issue arises from \u003ccode\u003ebdservicehost.exe\u003c/code\u003e\u0026nbsp;deleting files from a user-writable directory (\u003ccode\u003eC:\\ProgramData\\Atc\\Feedback\u003c/code\u003e) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user."
            }
          ],
          "value": "A local privilege escalation vulnerability in Bitdefender Total Security 27.0.46.231 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe\u00a0deleting files from a user-writable directory (C:\\ProgramData\\Atc\\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-132",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-132 Symlink Attack"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-10T09:46:40.263Z",
        "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
        "shortName": "Bitdefender"
      },
      "references": [
        {
          "url": "https://www.bitdefender.com/support/security-advisories/local-privilege-escalation-via-arbitrary-file-operation-in-bitdefender-atc-va-12590"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An automatic update to product version\u0026nbsp;27.10.45.497 fixes the issue"
            }
          ],
          "value": "An automatic update to product version\u00a027.10.45.497 fixes the issue"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Local Privilege Escalation via Arbitrary File Operation in Bitdefender Total Security",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
    "assignerShortName": "Bitdefender",
    "cveId": "CVE-2025-7073",
    "datePublished": "2025-12-10T09:46:40.263Z",
    "dateReserved": "2025-07-04T15:58:42.058Z",
    "dateUpdated": "2025-12-11T04:55:18.000Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CERTFR-2025-AVI-1089

Vulnerability from certfr_avis

Solutions

CVE-2025-7073 (GCVE-0-2025-7073)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature