OPSWAT MetaDefender Kiosk Arbitrary Code Execution Vulnerability via USB Drive Unlock Feature

Vulnerability

A vulnerability in OPSWAT MetaDefender Kiosk versions prior to 4.7.0 allows for arbitrary code execution. This issue arises when an attacker uses the 'MD Kiosk Unlock Device' feature on software-encrypted USB drives.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

3.3

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

3.3

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OPSWAT MetaDefender Kiosk Arbitrary Code Execution Vulnerability via USB Drive Unlock Feature

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating