CVE-2023-25953
Last modified
CVE-2023-25953 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LINE WORKS Drive Explorer, the attacker may be able to read and/or write to arbitrary files without the access privileges.. EPSS estimates a 0.58% chance of exploitation in the next 30 days.
Description
Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LINE WORKS Drive Explorer, the attacker may be able to read and/or write to arbitrary files without the access privileges.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Worksmobile | Drive Explorer | <= 3.5.4 |
References
- https://jvn.jp/en/jp/JVN01937209/Third Party Advisory
- https://jvn.jp/en/jp/JVN01937209/Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-25953?
How severe is CVE-2023-25953?
How do I fix CVE-2023-25953?
Are you affected by CVE-2023-25953?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST