Description
In OPSWAT MetaDefender Kiosk before 4.7.0, arbitrary code execution can be performed by an attacker via the MD Kiosk Unlock Device feature for software encrypted USB drives.
References (1)
Various Sources
https://www.opswat.com/docs/mdkiosk/release-notes/cve-2024-52925
Scores
CVSS v3: 6.8
EPSS: 0.0031
EPSS Percentile: 23.1%
Attack Vector: PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-94
Status: published
Products (1)
OPSWAT/MetaDefender Kiosk: < 4.7.0
Published: Feb 26, 2025
Tracked Since: Feb 18, 2026