CVE-2024-52925 MEDIUM

CVE-2024-52925

Vendor Opswat
Product MetaDefender Kiosk
Weakness CWE-94 · Code injection
Published February 26, 2025
Last update February 26, 2025

CVSS base score

6.8/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

In OPSWAT MetaDefender Kiosk before 4.7.0, arbitrary code execution can be performed by an attacker via the MD Kiosk Unlock Device feature for software encrypted USB drives.

Key dates

02Disclosure timeline

February 26, 2025 CVE published
February 26, 2025 Record updated