Critical severity9.8NVD Advisory· Published Mar 21, 2026· Updated Apr 21, 2026

CVE-2019-25568

Description

Memu Play 6.0.7 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by replacing the MemuService.exe executable. Attackers can rename and overwrite MemuService.exe in the installation directory with a malicious executable, which executes with system-level privileges when the service restarts after a computer reboot.

Affected products

Microvirt/Memu
cpe:2.3:a:microvirt:memu:*:*:*:*:*:*:*:*
Range: <=6.0.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/46437nvdExploitVDB Entry
www.vulncheck.com/advisories/memu-play-privilege-escalation-via-insecure-file-permissionsnvdThird Party Advisory
www.memuplay.comnvdProduct
www.memuplay.com/download-en.phpnvdProduct

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000