Cyber Posture

CVE-2025-66680

High · Public PoC

Published: 03 March 2026

Modified: 05 March 2026
KEV Added:
Patch:
CVSS Score: 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
EPSS Score: 0.0006 (17.2th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-66680 is a high-severity Link Following (CWE-59) vulnerability in WiseCleaner Wise Force Deleter. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique File Deletion (T1070.004). The CVE ranks at the 17.2th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

Threat & Defense at a Glance

What attackers do: exploitation maps to File Deletion (T1070.004) and 2 other techniques.

Threat & Defense Details

MITRE ATT&CK Enterprise Techniques (AI)

T1070.004 · File Deletion · Stealth
Adversaries may delete files left behind by the actions of their intrusion activity.

T1485 · Data Destruction · Impact
Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.

T1490 · Inhibit System Recovery · Impact
Adversaries may delete or remove built-in data and turn off services designed to aid in the recovery of a corrupted system to prevent recovery.

Why these techniques?

Arbitrary file deletion via a vulnerable driver directly enables file deletion for indicator removal, data destruction, and inhibiting system recovery by targeting critical files.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

An issue in the WiseDelfile64.sys component of WiseCleaner Wise Force Deleter 7.3.2 and earlier allows attackers to delete arbitrary files via a crafted request.

Deeper analysis (AI)

CVE-2025-66680 affects the WiseDelfile64.sys component in WiseCleaner Wise Force Deleter versions 7.3.2 and earlier. The vulnerability enables attackers to delete arbitrary files via a crafted request and is classified under CWE-59 (Improper Link Resolution Before File Access). It carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H), indicating high impact on system integrity and availability with no confidentiality loss. The CVE was published on 2026-03-03T16:16:17.923.

A local attacker with low privileges can exploit this vulnerability; attack complexity is low and no user interaction is required. By sending a crafted request to the affected driver, the attacker achieves arbitrary file deletion, which could lead to denial of service, data loss, or system destabilization by targeting critical files.

Mitigation details are available in referenced advisories, including the GitHub repository at https://github.com/cwjchoi01/CVE-2025-66680/tree/main and the Wise Force Deleter product page at https://www.wisecleaner.com/wise-force-deleter.html. Security practitioners should consult these resources for patch information or workarounds specific to the software.

Details

CWE(s)

Affected Products

wisecleaner · wise force deleter · ≤ 1.5.7.59

CVEs Like This One

CVE-2026-23563 (Shared CWE-59)
CVE-2025-15313 (Shared CWE-59)
CVE-2025-15314 (Shared CWE-59)
CVE-2025-1683 (Shared CWE-59)
CVE-2026-35349 (Shared CWE-59)
CVE-2026-27748 (Shared CWE-59)
CVE-2025-66277 (Shared CWE-59)
CVE-2026-5161 (Shared CWE-59)
CVE-2026-40931 (Shared CWE-59)
CVE-2026-32054 (Shared CWE-59)

References