Zillya Total Security 3.0.2367.0 Local Privilege Escalation via Quarantine Module

Advisories

Zillya Total Security 3.0.2367.0 Local Privilege Escalation via Quarantine Module

severity: high
date: 12/22/2025
Affecting: Zillya Total Security 3.0.2367.0
CVE: CVE-2023-53973
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')
CVSS: 8.5
CVSS V4 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: ExploitDB-51151
Zillya Official Homepage
Credit: M. Akil Gündoğan
Description: Zillya Total Security 3.0.2367.0 contains a privilege escalation vulnerability that allows low-privileged users to copy files to unauthorized system locations using the quarantine module. Attackers can leverage symbolic link techniques to restore quarantined files to restricted directories, potentially enabling system-level access through techniques like DLL hijacking.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo