PT-2025-50318 · Bitdefender · Bitdefender Total Security

Filip Dragovic · Published 2025-12-10 · Updated 2026-05-18 · CVE-2025-7073

CVSS v4.0: 8.8 (High)

Vector: AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions

Bitdefender Total Security version 27.0.46.231

Description

A local privilege escalation issue exists in Bitdefender Total Security. A low-privileged attacker can gain elevated privileges due to improper symbolic link validation when bdservicehost.exe deletes files from a user-writable directory, specifically C:\ProgramData\Atc\Feedback. This allows for arbitrary file deletion. The issue is combined with a file copy operation during network events and a filter driver bypass through DLL injection, leading to arbitrary file copy and code execution with elevated user privileges.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Link Following

Weakness Enumeration

Related Identifiers

CVE-2025-7073

Affected Products

Bitdefender Total Security