CVEDB API

Vulnerabilities

Vulnerable Software

Bitdefender: >> Endpoint Security Tools >> 7.4.1.111 Security Vulnerabilities

CVE-2025-7073

A local privilege escalation vulnerability in Bitdefender Total Security 27.0.46.231 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user.

CVSS Score

7.8

EPSS Score

0.0

Published

2025-12-10

CVE-2021-4199

Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.3.146.

CVSS Score

7.8

EPSS Score

0.006

Published

2022-03-07

Page 1

Vulnerabilities

Vulnerable Software

Bitdefender: >> Endpoint Security Tools >> 7.4.1.111 Security Vulnerabilities

Products

Pricing

Contact Us