Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
Malwarebytes AdwCleaner: Non-admin users can delete important files
CVE-2025-67905
Summary
Non-admin users can delete important system files on Malwarebytes AdwCleaner versions before 8.7.0. This is a security risk because it could allow an attacker to delete critical system files, potentially causing harm to the system. To stay safe, update to version 8.7.0 or later.
Original title
Malwarebytes AdwCleaner before v.8.7.0 runs as Administrator and performs an insecure log file delete operation in which the target location is user-controllable, allowing a non-admin user to escal...
Original description
Malwarebytes AdwCleaner before v.8.7.0 runs as Administrator and performs an insecure log file delete operation in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link, a related issue to CVE-2023-28892. To exploit this, an attacker must create a file in a given folder path and intercept the application log file deletion flow.
nvd CVSS3.1
8.7
Vulnerability type
CWE-269
Improper Privilege Management
Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026