CVE-2025-3025 | THREATINT

Description

Elevation of Privileges in the cleaning feature of Gen Digital CCleaner version 6.33.11465 on Windows allows a local user to gain SYSTEM privileges via exploiting insecure file delete operations. Reported in CCleaner v. 6.33.11465. This issue affects CCleaner: before < 6.36.11508.

PUBLISHED Reserved 2025-03-31 | Published 2025-09-15 | Updated 2025-09-16 | Assigner NLOK

HIGH: 7.3CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-552 Files or Directories Accessible to External Parties

Product status

Default status

unaffected

6.33.11465 (custom) before < 6.36.11508

affected

Credits

Dong-uk Kim (@justlikebono) finder

Trend Micro, the Zero Day Initiative (ZDI) ZDI-CAN-26474 other

References

www.gendigital.com/us/en/contact-us/security-advisories/

cve.org (CVE-2025-3025)

nvd.nist.gov (CVE-2025-3025)

Download JSON