CVE-2025-66680
Published: 03 March 2026
Summary
CVE-2025-66680 is a high-severity Link Following (CWE-59) vulnerability in Wisecleaner Wise Force Deleter. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique File Deletion (T1070.004); ranked at the 17.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2025-66680 affects the WiseDelfile64.sys component in WiseCleaner Wise Force Deleter versions 7.3.2 and earlier. The vulnerability enables attackers to delete arbitrary files via a crafted request and is classified under CWE-59 (Improper Link Resolution Before File Access). It carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H), indicating high impact on system integrity and availability with no confidentiality loss. The CVE was published on 2026-03-03T16:16:17.923.
A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of required user interaction. By sending a crafted request to the affected driver, the attacker achieves arbitrary file deletion, which could lead to denial of service, data loss, or system destabilization by targeting critical files.
Mitigation details are available in referenced advisories, including the GitHub repository at https://github.com/cwjchoi01/CVE-2025-66680/tree/main and the Wise Force Deleter product page at https://www.wisecleaner.com/wise-force-deleter.html. Security practitioners should consult these resources for patch information or workarounds specific to the software.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208237
Vulnerability details
An issue in the WiseDelfile64.sys component of WiseCleaner Wise Force Deleter 7.3.2 and earlier allows attackers to delete arbitrary files via a crafted request.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Arbitrary file deletion via vulnerable driver directly enables file deletion for indicator removal, data destruction, and inhibiting system recovery by targeting critical files.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces access control policies on file operations so the WiseDelfile64.sys driver cannot honor crafted deletion requests that bypass normal authorization checks.
Limits privileges assigned to users and processes interacting with the driver, reducing the ability of a low-privileged local attacker to reach the vulnerable code path.
Requires validation of all inputs to the kernel driver, blocking the specially crafted requests that trigger arbitrary file deletion via improper link resolution.