Bitdefender: Security Flaw Allows Privilege Escalation in Antivirus
In Bitdefender Free, Internet, Total, and Endpoint Security, local attackers can escalate their privileges through a security vulnerability.
A security vulnerability has been discovered in Bitdefender's antivirus software that allows attackers to escalate their privileges within the system. Various Bitdefender versions are affected. Updates to fix the vulnerability are available.
Bitdefender warns of the security flaw in a security advisory. The vulnerability is located in the "Active Threat Control" module, the manufacturer explains. "The problem arises because 'bdservicehost.exe' deletes files from a user-writable directory ('C:\ProgramData\Atc\Feedback') without properly checking for symbolic links, which allows arbitrary file deletion. This problem is chained with a file copy operation during network events and a bypass of the filter driver via DLL injection, leading to code execution as a user with elevated privileges," explain the authors of the security advisory.
The vulnerability is tracked as CVE-2025-7073. Based on the CVSS 4 attack vector that Bitdefender assumes, it scores 8.8, which classifies it as a "high" risk.
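The flaw class the advisory describes, a privileged cleanup routine that walks a user-writable directory without checking for links, is shown here as an added example that is not Bitdefender's code. It is a POSIX analogue in Python (the advisory concerns Windows), and every function name and the sample directory tree are constructed for illustration.

```python
import os
import stat
import tempfile

def naive_purge(path):
    """Flawed pattern: os.path.isdir() follows links, so a planted link is traversed."""
    for name in os.listdir(path):
        entry = os.path.join(path, name)
        if os.path.isdir(entry):
            naive_purge(entry)
        else:
            os.remove(entry)

def safe_purge(name, dir_fd=None, refused=None, prefix=""):
    """Delete regular files below a directory; report links instead of crossing them."""
    refused = [] if refused is None else refused
    # O_NOFOLLOW: fail rather than enter a directory that was swapped for a link.
    fd = os.open(name, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW, dir_fd=dir_fd)
    try:
        for child in os.listdir(fd):
            mode = os.stat(child, dir_fd=fd, follow_symlinks=False).st_mode  # lstat
            if stat.S_ISREG(mode):
                os.unlink(child, dir_fd=fd)  # resolved against the handle, not a path
            elif stat.S_ISDIR(mode):
                safe_purge(child, fd, refused, prefix + child + "/")
            else:
                refused.append(prefix + child)  # symlink, device, socket: leave alone
    finally:
        os.close(fd)
    return refused

def build_tree(root):
    """Constructed sample: a writable 'feedback' dir containing a link to 'protected'."""
    feedback, protected = os.path.join(root, "feedback"), os.path.join(root, "protected")
    os.mkdir(feedback)
    os.mkdir(protected)
    for path in (os.path.join(feedback, "report.log"), os.path.join(protected, "keep.cfg")):
        with open(path, "w") as handle:
            handle.write("sample\n")
    os.symlink(protected, os.path.join(feedback, "queue"))
    return feedback, os.path.join(protected, "keep.cfg")

def run_demo(purge):
    """Return (protected file survived, entries refused) for the given purge routine."""
    with tempfile.TemporaryDirectory() as root:
        feedback, keep = build_tree(root)
        return os.path.exists(keep) if purge(feedback) is None else None, None
```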
Affected Versions
Bitdefender names the following versions as affected: the Free version prior to 30.0.25.77; Internet Security, Antivirus Plus, and Total Security prior to 27.0.46.231; and Endpoint Security Tools for Windows prior to version 7.9.20.515. The automatic update mechanism should have already brought the software up to these versions. Users can check whether their own installation is up to date by following the manufacturer's instructions. If necessary, affected users should activate automatic updates and install pending updates.
Most recently, in April, a security vulnerability in Bitdefender GravityZone business protection was disclosed. The developers also classified this as a critical risk.
(dmk)