PT-2026-20261 · Malwarebytes · Malwarebytes Adwcleaner
Published
2026-02-17
·
Updated
2026-02-22
·
CVE-2025-67905
CVSS v3.1
8.7
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
Malwarebytes AdwCleaner versions prior to 8.7.0
Description
The application runs with Administrator privileges and performs an insecure log file deletion. The target location for deletion is controllable by the user. This allows a non-administrator user to escalate privileges to SYSTEM through a symbolic link. To exploit this, an attacker must create a file in a specific folder path and intercept the application's log file deletion process.
Recommendations
Update Malwarebytes AdwCleaner to version 8.7.0 or later.
Fix
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Malwarebytes Adwcleaner