CVE-2025-32780 HIGH

CVE-2025-32780: BleachBit for Windows Has DLL Untrusted Path Vulnerability

Vendor Bleachbit
Product bleachbit
Weakness CWE-427
Published April 15, 2025
Last update April 15, 2025

CVSS base score

7.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. By placing a malicious DLL with the name uuid.dll in the folder C:\Users\<username>\AppData\Local\Microsoft\WindowsApps\, an attacker can execute arbitrary code every time BleachBit is run. This issue has been patched in version 4.9.0.

Key dates

02Disclosure timeline

April 15, 2025 CVE published
April 15, 2025 Record updated