VYPR

Codemeter Runtime

by Wibu

CVEs (7)

  • CVE-2023-3935CriSep 13, 2023
    risk 0.64cvss 9.8epss 0.02

    A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.

  • CVE-2025-47809HigMay 16, 2025
    risk 0.53cvss 8.2epss 0.00

    Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the…

  • CVE-2020-37017HigJan 29, 2026
    risk 0.51cvss 7.8epss 0.00

    CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that…

  • CVE-2021-41057HigNov 14, 2021
    risk 0.46cvss 7.1epss 0.00

    In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions.

  • CVE-2017-13754MedSep 7, 2017
    risk 0.38cvss 5.4epss 0.04

    Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the "server name" field in actions/ChangeConfiguration.html.

  • CVE-2014-8419Nov 26, 2014
    risk 0.00cvss epss 0.01

    Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read and write access for all users) for codemeter.exe, which allows local users to gain privileges via a Trojan horse file.

  • CVE-2011-4057Jan 13, 2012
    risk 0.00cvss epss 0.05

    Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350.