CVE-2025-66680: n/a
An issue in the WiseDelfile64.sys component of WiseCleaner Wise Force Deleter 7.3.2 and earlier allows attackers to delete arbitrary files via a crafted request.
AI Analysis
Technical Summary
CVE-2025-66680 is a vulnerability identified in the WiseDelfile64.sys driver, a component of WiseCleaner Wise Force Deleter version 7.3.2 and earlier. This vulnerability allows an attacker with limited privileges (PR:L) to delete arbitrary files on the affected Windows system by sending a specially crafted request to the driver. The flaw is categorized under CWE-59, which relates to improper neutralization of file path elements, enabling unauthorized file deletion. The attack vector is local (AV:L), meaning the attacker must have some level of access to the system but does not require user interaction (UI:N) to exploit the vulnerability. The vulnerability impacts the integrity and availability of the system by allowing deletion of critical files, potentially leading to system instability or denial of service. The CVSS 3.1 base score is 7.1, indicating a high severity level due to the combination of low attack complexity, required privileges, and significant impact. No patches or fixes have been released at the time of publication, and no known exploits have been observed in the wild. The vulnerability is particularly concerning for environments where Wise Force Deleter is used for file management or deletion tasks, as attackers could leverage this flaw to disrupt operations or remove critical files maliciously.
Potential Impact
The primary impact of CVE-2025-66680 is the unauthorized deletion of arbitrary files on affected systems, which compromises system integrity and availability. Organizations relying on Wise Force Deleter for file management may face operational disruptions, data loss, or denial-of-service conditions if critical system or application files are deleted. This could affect business continuity, especially in environments where file deletion tools are integrated into automated workflows or administrative tasks. The vulnerability requires local access with limited privileges, which somewhat limits remote exploitation but still poses a significant risk from insider threats or attackers who have gained an initial foothold. The absence of a patch increases exposure time, potentially allowing attackers to develop exploits. The impact is heightened in environments with sensitive or critical data, where file deletion could lead to compliance violations, data integrity issues, or costly recovery efforts.
Mitigation Recommendations
To mitigate CVE-2025-66680, organizations should immediately restrict access to systems running Wise Force Deleter, limiting user privileges to the minimum necessary. Avoid running the vulnerable version (7.3.2 and earlier) on critical systems until a patch is available. Monitor file system activity and logs for unusual deletion patterns or unauthorized access attempts targeting the WiseDelfile64.sys driver. Employ application whitelisting and endpoint protection solutions to detect and block suspicious behavior related to file deletion. If possible, disable or uninstall Wise Force Deleter on systems where it is not essential. Establish strict local user account controls and audit local privilege escalations to reduce the risk of exploitation. Stay informed on vendor advisories and apply patches promptly once released. Additionally, implement regular backups and verify their integrity to enable recovery from malicious file deletions.
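One way to find hosts that need the uninstall or restriction steps above, as an added example that is not part of the original advisory or any vendor tooling. It assumes the product registers an uninstall entry whose DisplayName contains "Wise Force Deleter" and that the driver is registered as a kernel service whose image path ends in WiseDelfile64.sys; neither detail is stated in the advisory.

```powershell
# Added example: local inventory check for Wise Force Deleter and WiseDelfile64.sys.
# Assumptions (not from the advisory): the uninstall entry's DisplayName contains
# "Wise Force Deleter"; the driver's service image path ends in WiseDelfile64.sys.

$LastAffected = [version]'7.3.2'   # advisory: 7.3.2 and earlier are affected

function Get-WfdInstall {
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Wise Force Deleter*' } |
        ForEach-Object {
            $ver = $null
            $affected = $null          # $null means "version unreadable, check by hand"
            if ([version]::TryParse([string]$_.DisplayVersion, [ref]$ver)) {
                # Compare on major.minor.build only, so 7.3.2.0 is treated as 7.3.2.
                $norm = [version]::new($ver.Major, $ver.Minor, [Math]::Max($ver.Build, 0))
                $affected = ($norm -le $LastAffected)
            }
            [pscustomobject]@{
                Name            = $_.DisplayName
                Version         = $_.DisplayVersion
                Affected        = $affected
                InstallLocation = $_.InstallLocation
            }
        }
}

function Get-WfdDriver {
    # A driver that is only registered while the tool runs will not appear here,
    # so an empty result does not prove the product is absent.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -like '*WiseDelfile64.sys' } |
        Select-Object Name, State, StartMode, PathName
}

$report = [pscustomobject]@{
    ComputerName = $env:COMPUTERNAME
    Installs     = @(Get-WfdInstall)
    Drivers      = @(Get-WfdDriver)
}
$report | ConvertTo-Json -Depth 4
```

Hosts where Installs reports Affected as true, or where Drivers is non-empty, are the candidates for removal or access restriction.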
Affected Countries
United States, China, Germany, United Kingdom, Japan, South Korea, India, Canada, Australia, France
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-12-08T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 69a702c6d1a09e29cb555065
Added to database: 3/3/2026, 3:48:22 PM
Last enriched: 3/10/2026, 5:19:45 PM
Last updated: 4/18/2026, 2:44:56 PM