Cyber Resilience

CVE-2020-8094

Severity: High · LPE

Published: 15 January 2025
Modified: 07 February 2025
KEV Added: none
CVSS Score (v4): 8.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0019 (8.6th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2020-8094 is a high-severity Untrusted Search Path (CWE-426) vulnerability in Bitdefender Antivirus 2020. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique DLL (T1574.001). The CVE is ranked at the 8.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2020-8094 is an untrusted search path vulnerability (CWE-426) affecting the testinitsigs.exe component of Bitdefender Antivirus Free 2020. The executable searches for DLLs in untrusted directories before the secure system paths, so a DLL planted in one of those directories is loaded and executed in place of the legitimate library.

A low-privilege local attacker can exploit this vulnerability by placing a specially crafted DLL file in an untrusted search path location. When a user runs testinitsigs.exe, it loads the attacker's DLL instead of the legitimate one, enabling arbitrary code execution with SYSTEM privileges. The CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) reflects requirements for local access, low attack complexity, no privileges, and user interaction, with high impacts on confidentiality, integrity, and availability.

Bitdefender has published security advisory VA-8422 detailing the untrusted search path vulnerability in Antivirus Free 2020, available at https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-bitdefender-antivirus-free-2020-va-8422/. Practitioners should consult this advisory for patch information and mitigation guidance.


Vulnerability details

An untrusted search path vulnerability in testinitsigs.exe as used in Bitdefender Antivirus Free 2020 allows a low-privilege attacker to execute code as SYSTEM via a specially crafted DLL file.

CWE(s): CWE-426 Untrusted Search Path

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1574.001 DLL (Stealth): Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.
T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The untrusted search path in testinitsigs.exe directly enables DLL side-loading (T1574.002, merged into T1574.001 in current ATT&CK versions) by a local attacker placing a malicious DLL, resulting in arbitrary code execution and privilege escalation to SYSTEM (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-49457 (shared CWE-426)
CVE-2025-1756 (shared CWE-426)
CVE-2026-29089 (shared CWE-426)
CVE-2024-11128 (same vendor: Bitdefender)
CVE-2025-1755 (shared CWE-426)
CVE-2024-13872 (same vendor: Bitdefender)
CVE-2025-12793 (shared CWE-426)
CVE-2024-13871 (same vendor: Bitdefender)
CVE-2025-21399 (shared CWE-426)
CVE-2026-32032 (shared CWE-426)

Affected Assets

bitdefender antivirus 2020, versions ≤ 1.0.16.152

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent: Directly remediates the untrusted search path flaw in testinitsigs.exe by identifying, reporting, and applying the vendor-provided patches specified in the Bitdefender advisory.

prevent (CM-6 Configuration Settings): Enforces secure configuration settings such as Windows SafeDllSearchMode, which makes the loader consult the system directories before untrusted paths and so prevents DLL loading from attacker-controlled locations.

prevent (CM-14 Signed Components): Requires the use of digitally signed DLL components from trusted sources, blocking the execution of malicious unsigned DLLs placed in untrusted search paths that testinitsigs.exe would otherwise load.
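A defender-side audit of the two configuration controls listed above (SafeDllSearchMode for CM-6, signed components for CM-14), as an added PowerShell example that is not part of this page or of any Bitdefender tooling. It assumes an elevated Windows session; the `$AppDir` path is a placeholder for the directory of the executable under review, and the registry location is the standard Session Manager key.

```powershell
# Added example (not from the advisory or Bitdefender): audit the two
# configuration-level mitigations this page lists for CWE-426.
# Assumptions: run as an administrator on Windows; $AppDir is a placeholder
# for the directory that holds the executable under review.
param(
    [string]$AppDir = 'C:\Program Files\<vendor>\<product>'   # placeholder path
)

function Test-SafeDllSearchMode {
    # The value lives under Session Manager; absent or 1 = enabled, 0 = disabled.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).SafeDllSearchMode
    if ($null -eq $val) {
        return [pscustomobject]@{ Enabled = $true; Source = 'default (value absent)' }
    }
    return [pscustomobject]@{ Enabled = ($val -ne 0); Source = "explicit value $val" }
}

function Get-UnsignedDlls {
    param([string]$Path)
    # CM-14: every DLL shipped with the application should carry a valid Authenticode signature.
    Get-ChildItem -Path $Path -Filter '*.dll' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path   = $_.FullName
                Status = $sig.Status
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        } | Where-Object { $_.Status -ne 'Valid' }
}

$mode = Test-SafeDllSearchMode
if ($mode.Enabled) {
    Write-Output "SafeDllSearchMode: enabled ($($mode.Source))"
} else {
    # With the mode disabled the current directory is searched before the system directories.
    Write-Warning "SafeDllSearchMode: DISABLED ($($mode.Source)); current directory precedes system directories"
}

$unsigned = @(Get-UnsignedDlls -Path $AppDir)
if ($unsigned.Count -eq 0) {
    Write-Output "All DLLs under $AppDir carry a valid signature"
} else {
    Write-Warning "$($unsigned.Count) DLL(s) under $AppDir lack a valid signature:"
    $unsigned | Format-Table -AutoSize
}
```

Any DLL reported with a status other than Valid, or a disabled SafeDllSearchMode, is a finding to record against the host alongside the vendor patch status.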

References