What is the CVSS score of CVE-2025-69875?

CVE-2025-69875 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Total Security are affected by CVE-2025-69875?

A high-severity vulnerability in Quick Heal Total Security 23.0.0 allows low-privileged users to bypass security controls and restore malicious files into protected system directories, potentially…

Is there a public PoC exploit available for CVE-2025-69875?

Yes, a public proof-of-concept exploit is available for CVE-2025-69875. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-69875?

Within 24 hours: Inventory all Quick Heal Total Security 23.0.0 deployments and isolate affected systems from sensitive networks if possible; disable the quarantine restore feature via administrative controls. Within 7 days: Contact Quick Heal for patch availability status and timeline; evaluate alternative endpoint protection solutions. Within 30 days: Deploy patched version immediately upon vendor release or migrate to alternate security solution; conduct forensic review of quarantine logs for unauthorized restore activities.

Total Security CVE-2025-69875

HIGH

Improper Privilege Management (CWE-269)

2026-02-03 cve@mitre.org

Privilege Escalation Total Security

7.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.8 HIGH

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 11, 2026 - 16:06 vuln.today

Public exploit code

CVE Published

Feb 03, 2026 - 18:16 nvd

HIGH 7.8

DescriptionCVE.org

A vulnerability exists in Quick Heal Total Security 23.0.0 in the quarantine management component where insufficient validation of restore paths and improper permission handling allow a low-privileged local user to restore quarantined files into protected system directories. This behavior can be abused by a local attacker to place files in high-privilege locations, potentially leading to privilege escalation.

AnalysisAI

Technical ContextAI

Classified as CWE-269 (Improper Privilege Management). Affects the quarantine management component of Total Security. A vulnerability exists in Quick Heal Total Security 23.0.0 in the quarantine management component where insufficient validation of restore paths and improper permission handling allow a low-privileged local user to restore quarantined files into protected system directories. This behavior can be abused by a local attacker to place files in high-privilege locations, potentially leading to privilege escalation.

RemediationAI

Monitor vendor advisories for a patch.

CVE-2025-69875 vulnerability details – vuln.today

Back

Total Security CVE-2025-69875

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code