Bitdefender Antivirus Plus vulnerabilities
10 known vulnerabilities affecting bitdefender/antivirus_plus.
Total CVEs: 10
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
HIGH: 6, MEDIUM: 4
Vulnerabilities
CVE-2025-7073 | P3 | HIGH | CVSS 7.8 | CWE-59 | fixed in 27.0.47.241 | 2025-12-10
A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This is
nvd
CVE-2020-15732 | P3 | HIGH | CVSS 7.5 | CWE-295 | fixed in 25.0.7.29 | ≥ unspecified, < 25.0.7.29 | 2021-06-22
Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefen
nvd
CVE-2021-4199 | P3 | HIGH | CVSS 7.8 | CWE-732 | fixed in 26.0.3.29 | ≥ unspecified, < 26.0.10.45 | 2022-03-07
Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.
nvd
CVE-2022-0357 | P3 | HIGH | CVSS 7.8 | CWE-428 | fixed in 26.0.10.45 | v26.0.10.45 | 2023-05-24
Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 2
nvd
CVE-2023-6154 | P3 | HIGH | CVSS 7.8 | CWE-15 | v27.0.25.114 | 2024-04-01
A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This issue affects Total Security: 27.0.25.114; Internet Securit
nvd
CVE-2020-8107 | P3 | HIGH | CVSS 7.8 | CWE-114 | fixed in 24.0.26.136 | ≥ unspecified, < 24.0.26.136 | 2022-02-18
A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. This issue affects: Bitdefender Antivirus Plus versions prior to 24.0.26.136. Bitdefender Internet Security versions prior to 24.0.26.136. Bitdefender Total Security versions pri
nvd
CVE-2017-6186 | P4 | MEDIUM | CVSS 6.7 | CWE-94 | ≤ 12.0 | 2017-03-21
Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus Plus 12.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Bitdefender process via a "DoubleAgent" attack. One perspective on this issue is tha
nvd
CVE-2020-15733 | P4 | MEDIUM | CVSS 6.5 | CWE-346 | fixed in 25.0.7.29 | ≥ unspecified, < 25.0.7.29. | 2020-12-14
An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. This issue affects: Bitdefender Antivirus Plus versions prior to 25.0.7.29.
nvd
CVE-2019-14242 | P4 | MEDIUM | CVSS 6.7 | CWE-427 | fixed in 23.0.24.120 | 2019-07-30
An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to 6.6.8.115; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to 23.0.24.120) that can lead to local code injection. A local attacker with administrator privileges can create a ma
nvd
CVE-2021-4198 | P4 | MEDIUM | CVSS 6.1 | CWE-476 | fixed in 26.0.3.29 | ≥ unspecified, < 26.0.3.29 | 2022-03-07
A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29.
nvd