CVE-2025-66680: n/a
An issue in the WiseDelfile64.sys component of WiseCleaner Wise Force Deleter 7.3.2 and earlier allows attackers to delete arbitrary files via a crafted request.
AI Analysis
Technical Summary
CVE-2025-66680 is a security vulnerability identified in the WiseDelfile64.sys kernel-mode driver component of WiseCleaner Wise Force Deleter, specifically version 7.3.2 and earlier. This driver is responsible for handling file deletion requests at a low system level. The vulnerability arises because the driver improperly validates input from user-mode requests, allowing an attacker to craft a malicious request that causes the driver to delete arbitrary files on the system. This can lead to unauthorized deletion of critical system or user files, potentially causing system instability, data loss, or denial of service conditions. The vulnerability does not currently have a CVSS score, and no patches or public exploits have been reported as of the publication date. Exploitation likely requires local access or the ability to send crafted requests to the driver interface, which may be exposed depending on system configuration. The lack of authentication requirements increases the risk if the driver is accessible by unprivileged users or processes. Given the nature of the flaw, it primarily impacts Windows systems running the vulnerable Wise Force Deleter software, which is used for forcibly deleting locked or stubborn files. The vulnerability highlights the risks of kernel-mode drivers improperly validating input, which can lead to critical system-level impacts.
Potential Impact
The primary impact of CVE-2025-66680 is unauthorized deletion of arbitrary files on affected systems. This can result in significant data loss, corruption of system files, and potential denial of service if essential OS files or application data are removed. For organizations, this could disrupt business operations, cause downtime, and lead to costly recovery efforts. In environments where Wise Force Deleter is used to manage locked files, attackers could exploit this vulnerability to bypass normal file protection mechanisms and delete sensitive or critical files. The lack of authentication and potential ease of exploitation increases the risk, especially in multi-user or shared environments. Although no known exploits are currently in the wild, the vulnerability's presence in a kernel-mode driver elevates its severity due to the high privileges involved. Organizations relying on this software in critical infrastructure, enterprise environments, or with sensitive data are particularly at risk of operational disruption and data integrity issues.
Mitigation Recommendations
Organizations should immediately audit their use of Wise Force Deleter software and identify systems running version 7.3.2 or earlier. Until a patch is released, restrict access to the affected driver by limiting user permissions and controlling which processes can interact with WiseDelfile64.sys. Employ application whitelisting and endpoint protection solutions to detect and block suspicious attempts to send crafted requests to the driver. Monitor system logs for unusual file deletion activities and implement file integrity monitoring to quickly detect unauthorized changes. Consider isolating or removing the software from critical systems if feasible. Engage with WiseCleaner support or vendor channels to obtain updates or patches as soon as they become available. Additionally, educate users about the risks of running untrusted software that interacts with system-level drivers. For environments where local access cannot be fully controlled, consider deploying host-based intrusion prevention systems (HIPS) to detect exploitation attempts.
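The audit step above can be scripted per host. The following PowerShell is an added example, not WiseCleaner's or this page's own code; it assumes the product's uninstall entry has a DisplayName containing "Wise Force Deleter" and that the driver file sits under the standard driver or Program Files directories (both are assumptions, adjust to your inventory).

```powershell
# Added example, not vendor code. File name and version bound come from the advisory.
$DriverFile   = 'WiseDelfile64.sys'
$LastAffected = [version]'7.3.2'          # "7.3.2 and earlier"

function Get-WiseInstall {
    # Assumption: the uninstall entry's DisplayName contains "Wise Force Deleter".
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Wise Force Deleter*' } |
        ForEach-Object {
            $v = $null; $affected = $null   # $null means "could not parse, check by hand"
            if ([version]::TryParse(($_.DisplayVersion -replace '[^\d.]', ''), [ref]$v)) {
                # Compare on major.minor.build only so "7.3.2.x" still counts as 7.3.2.
                $norm = [version]::new($v.Major, $v.Minor, [math]::Max($v.Build, 0))
                $affected = $norm -le $LastAffected
            }
            [pscustomobject]@{ DisplayName = $_.DisplayName; Version = $_.DisplayVersion
                               Affected = $affected; InstallDir = $_.InstallLocation }
        }
}

function Get-WiseDriverService {
    # Kernel driver services whose image path ends in the affected file name.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -like "*$DriverFile" } |
        Select-Object Name, State, StartMode, PathName
}

function Get-WiseDriverFile {
    # Assumed search roots; a leftover .sys file can outlive an uninstall.
    $roots = "$env:SystemRoot\System32\drivers", $env:ProgramFiles, ${env:ProgramFiles(x86)} |
        Where-Object { $_ -and (Test-Path -LiteralPath $_) }
    Get-ChildItem -Path $roots -Filter $DriverFile -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{ Path = $_.FullName; FileVersion = $_.VersionInfo.FileVersion
                               SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash }
        }
}

# One JSON record per host, suitable for collection by existing inventory tooling.
[pscustomobject]@{
    Computer = $env:COMPUTERNAME
    Installs = @(Get-WiseInstall)
    Drivers  = @(Get-WiseDriverService)
    Files    = @(Get-WiseDriverFile)
} | ConvertTo-Json -Depth 4
```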
Affected Countries
United States, China, Germany, United Kingdom, Japan, South Korea, India, Canada, Australia, France
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-12-08T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 69a702c6d1a09e29cb555065
Added to database: 3/3/2026, 3:48:22 PM
Last enriched: 3/3/2026, 4:02:37 PM
Last updated: 3/4/2026, 7:15:29 AM