CVE-2025-32780 Common Vulnerabilities and Exposures

Upstream information

CVE-2025-32780 at MITRE

Description

BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. By placing a malicious DLL with the name uuid.dll in the folder C:\Users\<username>\AppData\Local\Microsoft\WindowsApps\, an attacker can execute arbitrary code every time BleachBit is run. This issue has been patched in version 4.9.0.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having important severity.

CVSS v3 Scores
	CNA (GitHub)
Base Score	7.3
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector	Local
Attack Complexity	Low
Privileges Required	Low
User Interaction	Required
Scope	Unchanged
Confidentiality Impact	High
Integrity Impact	High
Availability Impact	High
CVSSv3 Version	3.1

SUSE Bugzilla entry: 1241253 [RESOLVED / INVALID]

No SUSE Security Announcements cross referenced.

SUSE Timeline for this CVE

CVE page created: Tue Apr 15 20:01:56 2025
CVE page last modified: Thu May 8 12:38:56 2025