CVE-2025-5317

Medium CVSS: 6.8

An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 allows local users with administrative privileges to bypass the configured uninstall password protection. An unauthorized user with sudo privileges can manually remove the application directory (/Applications/Endpoint Security for Mac.app/) and the related directories within /Library/Bitdefender/AVP without needing the uninstall password.

Vendor

Bitdefender

Product

Endpoint Security

CWE

CWE-862

Yayın Tarihi

2025-11-11 08:15:34

Güncelleme

2025-12-08 18:10:57

Source Identifier

cve-requests@bitdefender.com

KEV Date Added

Kategoriler

CWE-862 Endpoint Security MEDIUM Bitdefender 2025

Referanslar

https://www.bitdefender.com/support/security-advisories/improper-access-restriction-to-critical-folder-in-bitdefender-endpoint-security-tools-for-mac/

Benzer Kayıtlar

High

CVE-2025-7073

A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privil…

Medium

CVE-2025-2243

A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input…

Critical

CVE-2025-2244

A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafel…

Medium

CVE-2025-2245

A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in…

Critical

CVE-2024-13871

A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of Bitdefender Box 1 (fir…

Critical

CVE-2024-13872

Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Int…