CVE-2025-32780: 
BleachBit vulnerability analysis and mitigation

BleachBit, a utility that cleans files to free disk space and maintain privacy, was found to contain a DLL Hijacking vulnerability (CVE-2025-32780) affecting Windows versions up to 4.6.2. The vulnerability was discovered and disclosed on April 15, 2025. The issue allows attackers to execute arbitrary code by placing a malicious DLL named uuid.dll in the folder C:\Users\AppData\Local\Microsoft\WindowsApps\ (NVD, GitHub Advisory).

The vulnerability is classified as CWE-427 (Uncontrolled Search Path Element) with a CVSS v3.1 base score of 7.3 (HIGH). The attack vector is local (AV:L), with low attack complexity (AC:L), requiring low privileges (PR:L) and user interaction (UI:R). The scope is unchanged (S:U), with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) (GitHub Advisory).

The vulnerability has significant security implications. Since BleachBit typically runs with elevated privileges through UAC, malware operating in a non-elevated context can place a malicious payload and wait for BleachBit execution to gain elevated privileges. The vulnerability can also be used as a persistence mechanism, an evasion technique through legitimate process execution, and for lateral movement in multi-user systems (GitHub Advisory).

The vulnerability has been patched in BleachBit version 4.9.0. Users are advised to upgrade to this version to mitigate the risk (NVD, GitHub Commit).