PT-2025-16364 · Bleachbit · Bleachbit

Riftsandroses · Published 2025-04-15 · Updated 2025-05-06 · CVE-2025-32780

CVSS v3.1: 7.3 (High)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

BleachBit versions prior to 4.9.0
BleachBit version 4.6.2 and earlier

Description

BleachBit cleans files to free disk space and to maintain privacy. It is vulnerable to a DLL hijacking issue. By placing a malicious DLL with the name uuid.dll in the folder "C:\Users\<username>\AppData\Local\Microsoft\WindowsApps", an attacker can execute arbitrary code every time BleachBit is run.

Recommendations

For versions prior to 4.9.0, update to version 4.9.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the C:\Users\<username>\AppData\Local\Microsoft\WindowsApps folder to minimize the risk of exploitation. Avoid placing any untrusted DLL files in the aforementioned folder until the issue is resolved.
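
A defender-side check for the condition described above, added here as an example and not taken from the advisory or the BleachBit project. It looks for uuid.dll in each profile's WindowsApps folder and lists who is allowed to create files there. It assumes profiles live under C:\Users and that it is run elevated so other users' folders are readable.

```powershell
# Added example: audit for the uuid.dll search-path condition in this advisory.
# Assumptions: user profiles are under C:\Users; session is elevated.
$dllName = 'uuid.dll'                              # DLL name from the advisory
$relPath = 'AppData\Local\Microsoft\WindowsApps'   # folder from the advisory
# Bits that allow creating a file in a directory:
# CreateFiles/WriteData (0x2), GENERIC_ALL (0x10000000), GENERIC_WRITE (0x40000000)
$writeMask = 0x2 -bor 0x10000000 -bor 0x40000000

$userDirs = Get-ChildItem -Path 'C:\Users' -Directory -Force -ErrorAction SilentlyContinue
foreach ($userDir in $userDirs) {
    $folder = Join-Path $userDir.FullName $relPath
    if (-not (Test-Path -LiteralPath $folder)) { continue }

    # 1. Is a uuid.dll sitting in the folder named by the advisory?
    $dll = Join-Path $folder $dllName
    if (Test-Path -LiteralPath $dll) {
        $sig  = Get-AuthenticodeSignature -LiteralPath $dll
        $hash = Get-FileHash -LiteralPath $dll -Algorithm SHA256
        [pscustomobject]@{
            Finding = 'DllPresent'
            Path    = $dll
            Detail  = "Signature=$($sig.Status); SHA256=$($hash.Hash)"
        }
    }

    # 2. Which principals hold an Allow ACE that permits creating files here?
    #    Input for the "restrict access" workaround.
    try {
        $acl = Get-Acl -LiteralPath $folder -ErrorAction Stop
    } catch {
        [pscustomobject]@{ Finding = 'AclUnreadable'; Path = $folder; Detail = $_.Exception.Message }
        continue
    }
    foreach ($ace in $acl.Access) {
        $isAllow  = $ace.AccessControlType -eq 'Allow'
        $canWrite = ([int]$ace.FileSystemRights -band $writeMask) -ne 0
        if ($isAllow -and $canWrite) {
            [pscustomobject]@{
                Finding = 'WritableBy'
                Path    = $folder
                Detail  = "$($ace.IdentityReference) ($($ace.FileSystemRights))"
            }
        }
    }
}
```

A DllPresent row is the one to triage first: the signature status and SHA-256 are there to help decide whether the file belongs on the host.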

Exploit

Fix

LPE

Uncontrolled Search Path Element

Weakness Enumeration

Related Identifiers

CVE-2025-32780
GHSA-GHPH-V4X4-VR3C

Affected Products

Bleachbit