CVE-2025-32780

Summary

BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. By placing a malicious DLL with the name uuid.dll in the folder C:\Users<username>\AppData\Local\Microsoft\WindowsApps, an attacker can execute arbitrary code every time BleachBit is run. This issue has been patched in version 4.9.0.

Affected Software

VendorProductVersion RangeStatus
bleachbitbleachbit< 4.9.0affected

Weaknesses

  • CWE-427: CWE-427: Uncontrolled Search Path Element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References