216.73.216.215

CVE-2025-67905

· Published 17/02/2026 17:21 · Modified 18/02/2026 17:52

Labels: CVE-2025-67905 2026-02-17CVE-2025-67905CWE-269[email protected]

Essential information

Published
17/02/2026 17:21
Modified
18/02/2026 17:52
Author
Creator
CVSS
8.7 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

CVSS metrics

Description

Malwarebytes AdwCleaner before v.8.7.0 runs as Administrator and performs an insecure log file delete operation in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link, a related issue to CVE-2023-28892. To exploit this, an attacker must create a file in a given folder path and intercept the application log file deletion flow.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
malwarebytes / adwcleaner cpe:2.3:a:malwarebytes:adwcleaner:<8.7.0:*:*:*:*:*:*:*

References