Code Injection Vulnerability in Drive Explorer for macOS by LINE WORKS
CVE-2023-25953

9.8CRITICAL

Key Information:

Vendor: Works Mobile Japan Corp.
Status: Drive Explorer For Mac OS
Vendor: CVE Published:; 23 May 2023

🔔 Create Works Mobile Japan Corp. Vulnerability Alert

What is CVE-2023-25953?

A code injection vulnerability exists in Drive Explorer for macOS, where an authenticated attacker can exploit the software to inject arbitrary code during processing. This requires the execution of Drive Explorer under a user account with full disk access privileges, giving the attacker the potential ability to read from and write to files across the system without the necessary permissions. This vulnerability affects Drive Explorer versions 3.5.4 and earlier, emphasizing the need for users to upgrade to more secure versions or implement additional safeguards.

Affected Version(s)

Drive Explorer for macOS versions 3.5.4 and earlier

References

https://line.worksmobile.com/jp/release-notes/20230216/

https://jvn.jp/en/jp/JVN01937209/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2023
Vulnerability Reserved
Mar 15, 2023

CVE-2023-25953 Data

JSON