Primary

Context

MEmu Play Privilege Escalation Vulnerability via Insecure File Permissions

Vulnerability

A privilege escalation vulnerability has been identified in MEmu Play version 6.0.7. This issue arises from insecure file permissions that allow low-privilege users to replace the MemuService.exe executable with a malicious file. The replaced executable is executed with system-level privileges when the service is restarted after a computer reboot.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, with the malicious executable running under the Local System account, granting elevated rights on the affected machine.

Reproduction

To reproduce this vulnerability, a low-privilege user must rename the original MemuService.exe file and replace it with a malicious executable. After overwriting the file, the user can restart the computer, which triggers the execution of the malicious file with system-level privileges.

Added: Mar 21, 2026, 1:19 PM

Updated: Mar 21, 2026, 1:19 PM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

10.0

exploitability

4.6

remediation

0.0

relevance

4.2

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

10.0

exploitability

4.6

remediation

0.0

relevance

4.2

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MEmu Play Privilege Escalation Vulnerability via Insecure File Permissions

Vulnerability

Impact

Reproduction

Affected Products

Microvirt MEmu Play

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating