Cyber Resilience

CVE-2025-66680

HighPublic PoC

Published: 03 March 2026

Published
03 March 2026
Modified
05 March 2026
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS Score 0.0006 17.6th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-66680 is a high-severity Link Following (CWE-59) vulnerability in Wisecleaner Wise Force Deleter. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique File Deletion (T1070.004); ranked at the 17.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-66680 affects the WiseDelfile64.sys component in WiseCleaner Wise Force Deleter versions 7.3.2 and earlier. The vulnerability enables attackers to delete arbitrary files via a crafted request and is classified under CWE-59 (Improper Link Resolution Before File Access). It carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H), indicating high impact on system integrity and availability with no confidentiality loss. The CVE was published on 2026-03-03T16:16:17.923.

A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of required user interaction. By sending a crafted request to the affected driver, the attacker achieves arbitrary file deletion, which could lead to denial of service, data loss, or system destabilization by targeting critical files.

Mitigation details are available in referenced advisories, including the GitHub repository at https://github.com/cwjchoi01/CVE-2025-66680/tree/main and the Wise Force Deleter product page at https://www.wisecleaner.com/wise-force-deleter.html. Security practitioners should consult these resources for patch information or workarounds specific to the software.

EU & UK References

Vulnerability details

An issue in the WiseDelfile64.sys component of WiseCleaner Wise Force Deleter 7.3.2 and earlier allows attackers to delete arbitrary files via a crafted request.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1070.004 File Deletion Stealth
Adversaries may delete files left behind by the actions of their intrusion activity.
T1485 Data Destruction Impact
Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.
T1490 Inhibit System Recovery Impact
Adversaries may delete or remove built-in data and turn off services designed to aid in the recovery of a corrupted system to prevent recovery.
Why these techniques?

Arbitrary file deletion via vulnerable driver directly enables file deletion for indicator removal, data destruction, and inhibiting system recovery by targeting critical files.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23563Shared CWE-59
CVE-2025-15314Shared CWE-59
CVE-2025-15313Shared CWE-59
CVE-2025-1683Shared CWE-59
CVE-2026-35349Shared CWE-59
CVE-2026-27748Shared CWE-59
CVE-2025-66277Shared CWE-59
CVE-2026-40931Shared CWE-59
CVE-2026-5161Shared CWE-59
CVE-2026-32054Shared CWE-59

Affected Assets

wisecleaner
wise force deleter
≤ 1.5.7.59

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces access control policies on file operations so the WiseDelfile64.sys driver cannot honor crafted deletion requests that bypass normal authorization checks.

prevent

Limits privileges assigned to users and processes interacting with the driver, reducing the ability of a low-privileged local attacker to reach the vulnerable code path.

prevent

Requires validation of all inputs to the kernel driver, blocking the specially crafted requests that trigger arbitrary file deletion via improper link resolution.

References