CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0131 – GlobalProtect App: Incorrect Privilege Management Vulnerability in OPSWAT MetaDefender Endpoint Security SDK
https://notcve.org/view.php?id=CVE-2025-0131
14 May 2025 — An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user also successfully exploits a race condition, which makes this vulnerability difficult to exploit. • https://security.paloaltonetworks.com/CVE-2025-0131 • CWE-266: Incorrect Privilege Assignment •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52925
https://notcve.org/view.php?id=CVE-2024-52925
26 Feb 2025 — In OPSWAT MetaDefender Kiosk before 4.7.0, arbitrary code execution can be performed by an attacker via the MD Kiosk Unlock Device feature for software encrypted USB drives. • https://www.opswat.com/docs/mdkiosk/release-notes/cve-2024-52925 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36657
https://notcve.org/view.php?id=CVE-2023-36657
15 Sep 2023 — An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows (desktop shortcuts, narrator) can be abused for privilege escalation. Se descubrió un problema en OPSWAT MetaDefender KIOSK 4.6.1.9996. Se puede abusar de las funciones integradas de Windows (atajos de escritorio, narrador) para escalar privilegios. • https://docs.opswat.com/mdkiosk • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-36658
https://notcve.org/view.php?id=CVE-2023-36658
15 Sep 2023 — An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path that can be abused locally. Se descubrió un problema en OPSWAT MetaDefender KIOSK 4.6.1.9996. Tiene una ruta de servicio no citada de la que se puede abusar localmente. • https://docs.opswat.com/mdkiosk • CWE-428: Unquoted Search Path or Element •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2023-36659
https://notcve.org/view.php?id=CVE-2023-36659
15 Sep 2023 — An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long inputs were not properly processed, which allows remote attackers to cause a denial of service (loss of communication). Se descubrió un problema en OPSWAT MetaDefender KIOSK 4.6.1.9996. Las entradas largas no se procesaron adecuadamente, lo que permite a atacantes remotos provocar una denegación de servicio (pérdida de comunicación). • https://docs.opswat.com/mdkiosk • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40778
https://notcve.org/view.php?id=CVE-2022-40778
19 Sep 2022 — A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) almacenado en OPSWAT MetaDefender ICAP Server versiones anteriores a 4.13.0, permite a atacantes ejecutar JavaScript o HTML arbitrarios debido a la respuesta de la página bloqueada • https://docs.opswat.com/mdicap/release-notes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 16%CPEs: 1EXPL: 2CVE-2022-32272 – OPSWAT Metadefender Core - Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-32272
09 Jun 2022 — OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation. OPSWAT MetaDefender Core antes de la versión 5.1.2, MetaDefender ICAP antes de la versión 4.12.1 y MetaDefender Email Gateway Security antes de la versión 5.6.1 tienen un control de acceso incorrecto, lo que provoca una escalada de privilegios OPSWAT Metadefender Core version 4.21.1 suffers from a privilege escalation v... • https://packetstorm.news/files/id/171549 • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32273
https://notcve.org/view.php?id=CVE-2022-32273
08 Jun 2022 — As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server. Como resultado de una discrepancia observable en los mensajes devueltos, OPSWAT MetaDefender Core (MDCore) versiones anteriores a 5.1.2, podría permitir a un usuario autenticado enumerar nombres de archivos en el servidor • https://docs.opswat.com/mdcore/release-notes • CWE-203: Observable Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16275
https://notcve.org/view.php?id=CVE-2018-16275
31 Aug 2018 — OPSWAT MetaDefender before v4.11.2 allows CSV injection. OPSWAT MetaDefender en versiones anteriores a la v4.11.2 permite la inyección CSV. • https://onlinehelp.opswat.com/corev4/10._Release_notes.html • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •