2 vulnerabilities by bleachbit
CVE-2025-32780 (GCVE-0-2025-32780)
Vulnerability from cvelistv5 – Published: 2025-04-15 16:32 – Updated: 2025-04-15 17:30
Title
BleachBit for Windows Has DLL Untrusted Path Vulnerability
Summary
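BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to DLL hijacking. By placing a malicious DLL named uuid.dll in the folder C:\Users\<username>\AppData\Local\Microsoft\WindowsApps\, an attacker can execute arbitrary code every time BleachBit is run. This issue has been patched in version 4.9.0. The CVE record below marks every version before 4.9.0 as affected, so installations between 4.6.2 and 4.9.0 should also be treated as vulnerable until upgraded. Per the record's CVSS vector, the attack is local, needs low privileges and depends on a user launching BleachBit.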
Severity (CVSS 3.1)
7.3 (High) – CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE
- CWE-427 - Uncontrolled Search Path Element
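Assigner
GitHub_M
References
| URL | Tags |
|---|---|
| https://github.com/bleachbit/bleachbit/security/advisories/GHSA-ghph-v4x4-vr3c | x_refsource_CONFIRM |
| https://github.com/bleachbit/bleachbit/commit/dafeba57dcb14c7ec4a97224ff1408f6b0c2a7f8 | x_refsource_MISC |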
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T17:26:17.880247Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T17:30:02.744Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "bleachbit",
"vendor": "bleachbit",
"versions": [
{
"status": "affected",
"version": "\u003c 4.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. By placing a malicious DLL with the name uuid.dll in the folder C:\\Users\\\u003cusername\u003e\\AppData\\Local\\Microsoft\\WindowsApps\\, an attacker can execute arbitrary code every time BleachBit is run. This issue has been patched in version 4.9.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T16:32:55.622Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/bleachbit/bleachbit/security/advisories/GHSA-ghph-v4x4-vr3c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bleachbit/bleachbit/security/advisories/GHSA-ghph-v4x4-vr3c"
},
{
"name": "https://github.com/bleachbit/bleachbit/commit/dafeba57dcb14c7ec4a97224ff1408f6b0c2a7f8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bleachbit/bleachbit/commit/dafeba57dcb14c7ec4a97224ff1408f6b0c2a7f8"
}
],
"source": {
"advisory": "GHSA-ghph-v4x4-vr3c",
"discovery": "UNKNOWN"
},
"title": "BleachBit for Windows Has DLL Untrusted Path Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-32780",
"datePublished": "2025-04-15T16:32:55.622Z",
"dateReserved": "2025-04-10T12:51:12.278Z",
"dateUpdated": "2025-04-15T17:30:02.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47113 (GCVE-0-2023-47113)
Vulnerability from cvelistv5 – Published: 2023-11-08 21:57 – Updated: 2024-09-06 17:54
Title
DLL Search Order Hijacking vulnerability in BleachBit for Windows
Summary
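BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to DLL hijacking. By placing a DLL in the folder c:\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been patched in version 4.5.0. Per the record's CVSS vector, the attack is local, needs low privileges and depends on a user launching BleachBit. Where an upgrade cannot be applied immediately, reviewing whether c:\DLLs exists and which accounts can write to it is a reasonable interim check.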
Severity (CVSS 3.1)
7.3 (High) – CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
GitHub_M
References
| URL | Tags |
|---|---|
| https://github.com/bleachbit/bleachbit/security/advisories/GHSA-j8jc-f6p7-55p8 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:22.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/bleachbit/bleachbit/security/advisories/GHSA-j8jc-f6p7-55p8",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bleachbit/bleachbit/security/advisories/GHSA-j8jc-f6p7-55p8"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bleachbit:bleachbit:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bleachbit",
"vendor": "bleachbit",
"versions": [
{
"lessThanOrEqual": "4.4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47113",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T14:21:52.175996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T17:54:06.422Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "bleachbit",
"vendor": "bleachbit",
"versions": [
{
"status": "affected",
"version": "\u003c= 4.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the Folder c:\\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been patched in version 4.5.0.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-08T21:57:47.549Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/bleachbit/bleachbit/security/advisories/GHSA-j8jc-f6p7-55p8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bleachbit/bleachbit/security/advisories/GHSA-j8jc-f6p7-55p8"
}
],
"source": {
"advisory": "GHSA-j8jc-f6p7-55p8",
"discovery": "UNKNOWN"
},
"title": "DLL Search Order Hijacking vulnerability in BleachBit for Windows"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-47113",
"datePublished": "2023-11-08T21:57:47.549Z",
"dateReserved": "2023-10-30T19:57:51.674Z",
"dateUpdated": "2024-09-06T17:54:06.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}