CVE-2025-67905

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-67905
Malwarebytes AdwCleaner before v.8.7.0 runs as Administrator and performs an insecure log file delete operation in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link, a related issue to CVE-2023-28892. To exploit this, an attacker must create a file in a given folder path and intercept the application log file deletion flow.

8.7 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope CHANGED

References
Link Resource
https://Malwarebytes.com
https://www.malwarebytes.com/secure/cves/cve-2025-67905
Configurations

No configuration.

History

No history.

Information

Published : 2026-02-17 17:21

Updated : 2026-02-18 17:52

NVD link : CVE-2025-67905

Mitre link : CVE-2025-67905

CVE.ORG link : CVE-2025-67905

JSON object : View

Products Affected

No product.

CWE
CWE-269

Improper Privilege Management