Cyber Resilience

CVE-2025-69875

HighLPE

Published: 03 February 2026

Published
03 February 2026
Modified
11 February 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0002 6.7th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-69875 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Quickheal Total Security. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 6.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-69875 is a vulnerability in Quick Heal Total Security version 23.0.0, specifically within the quarantine management component. It stems from insufficient validation of restore paths combined with improper permission handling, enabling a low-privileged local user to restore quarantined files directly into protected system directories. This flaw, associated with CWEs-269 (Improper Privilege Management), CWE-281 (Improper Preservation of Permissions), and CWE-552 (Files or Directories Accessible to External Parties), carries a CVSS v3.1 base score of 7.8 (High), reflecting local attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, and high impacts on confidentiality, integrity, and availability.

The vulnerability can be exploited by a low-privileged local attacker who gains access to the system. By abusing the quarantine restore functionality, the attacker can place arbitrary files into high-privilege system locations that would otherwise be restricted, potentially achieving privilege escalation to higher levels such as administrator or SYSTEM. No user interaction is needed beyond local access, making it straightforward for compromised standard user accounts to elevate privileges and further compromise the host.

References include a GitHub repository at https://github.com/mertdas/QuickHealTotalSecurityPOC, which provides a proof-of-concept for the issue, and a product security update page from Samsung Semiconductor at https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-59439/. No specific patch or mitigation details are detailed in the provided information.

EU & UK References

Vulnerability details

A vulnerability exists in Quick Heal Total Security 23.0.0 in the quarantine management component where insufficient validation of restore paths and improper permission handling allow a low-privileged local user to restore quarantined files into protected system directories. This behavior can…

more

be abused by a local attacker to place files in high-privilege locations, potentially leading to privilege escalation.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local path validation bypass in quarantine restore directly enables arbitrary file placement into protected directories, facilitating privilege escalation from low-privileged accounts.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-56192Shared CWE-281
CVE-2025-36640Shared CWE-269
CVE-2026-29124Shared CWE-269
CVE-2026-21533Shared CWE-269
CVE-2023-7343Shared CWE-269
CVE-2025-21360Shared CWE-269
CVE-2025-69689Shared CWE-269
CVE-2026-33906Shared CWE-269
CVE-2026-0023Shared CWE-269
CVE-2025-25711Shared CWE-281

Affected Assets

quickheal
total security
23.0.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

AC-6 enforces least privilege, directly mitigating improper privilege management that allows low-privileged users to restore files to protected system directories.

prevent

AC-3 enforces approved authorizations for access to system resources, addressing improper permission handling in the quarantine restore function.

prevent

SI-10 validates information inputs such as restore paths, countering insufficient validation that enables placement of files in high-privilege locations.

References