Bluestacks
Products
2- 8 CVEs
- 1 CVE
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-4288 | Hig | 0.55 | 8.4 | 0.01 | Jan 6, 2017 | A local privilege escalation vulnerability exists in BlueStacks App Player. The BlueStacks App Player installer creates a registry key with weak permissions that allows users to execute arbitrary programs with SYSTEM privileges. | ||
| CVE-2019-25293 | Hig | 0.51 | 7.8 | 0.00 | Feb 6, 2026 | BlueStacks App Player 2.4.44.62.57 contains an unquoted service path vulnerability in the BstHdLogRotatorSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files… | ||
| CVE-2019-25548 | Med | 0.40 | 6.2 | 0.00 | Mar 21, 2026 | BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to the search field. Attackers can paste a buffer of 100,000 'A' characters into the search field and trigger a search operation… | ||
| CVE-2025-44964 | 0.00 | — | 0.00 | Aug 5, 2025 | A lack of SSL certificate validation in BlueStacks v5.20 allows attackers to execute a man-it-the-middle attack and obtain sensitive information. | |||
| CVE-2020-24367 | 0.00 | — | 0.00 | Nov 10, 2020 | Incorrect file permissions in BlueStacks 4 through 4.230 on Windows allow a local attacker to escalate privileges by modifying a file that is later executed by a higher-privileged user. | |||
| CVE-2019-14220 | 0.00 | — | 0.01 | Sep 24, 2019 | An issue was discovered in BlueStacks 4.110 and below on macOS and on 4.120 and below on Windows. BlueStacks employs Android running in a virtual machine (VM) to enable Android apps to run on Windows or MacOS. Bug is in a local arbitrary file read through a system service call.… | |||
| CVE-2019-12936 | 0.00 | — | 0.03 | Jun 23, 2019 | BlueStacks App Player 2, 3, and 4 before 4.90 allows DNS Rebinding for attacks on exposed IPC functions. | |||
| CVE-2018-0701 | 0.00 | — | 0.01 | Nov 15, 2018 | BlueStacks App Player (BlueStacks App Player for Windows 3.0.0 to 4.31.55, BlueStacks App Player for macOS 2.0.0 and later) allows an attacker on the same network segment to bypass access restriction to gain unauthorized access. |
- risk 0.55cvss 8.4epss 0.01
A local privilege escalation vulnerability exists in BlueStacks App Player. The BlueStacks App Player installer creates a registry key with weak permissions that allows users to execute arbitrary programs with SYSTEM privileges.
- risk 0.51cvss 7.8epss 0.00
BlueStacks App Player 2.4.44.62.57 contains an unquoted service path vulnerability in the BstHdLogRotatorSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files…
- risk 0.40cvss 6.2epss 0.00
BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to the search field. Attackers can paste a buffer of 100,000 'A' characters into the search field and trigger a search operation…
- CVE-2025-44964Aug 5, 2025risk 0.00cvss —epss 0.00
A lack of SSL certificate validation in BlueStacks v5.20 allows attackers to execute a man-it-the-middle attack and obtain sensitive information.
- CVE-2020-24367Nov 10, 2020risk 0.00cvss —epss 0.00
Incorrect file permissions in BlueStacks 4 through 4.230 on Windows allow a local attacker to escalate privileges by modifying a file that is later executed by a higher-privileged user.
- CVE-2019-14220Sep 24, 2019risk 0.00cvss —epss 0.01
An issue was discovered in BlueStacks 4.110 and below on macOS and on 4.120 and below on Windows. BlueStacks employs Android running in a virtual machine (VM) to enable Android apps to run on Windows or MacOS. Bug is in a local arbitrary file read through a system service call.…
- CVE-2019-12936Jun 23, 2019risk 0.00cvss —epss 0.03
BlueStacks App Player 2, 3, and 4 before 4.90 allows DNS Rebinding for attacks on exposed IPC functions.
- CVE-2018-0701Nov 15, 2018risk 0.00cvss —epss 0.01
BlueStacks App Player (BlueStacks App Player for Windows 3.0.0 to 4.31.55, BlueStacks App Player for macOS 2.0.0 and later) allows an attacker on the same network segment to bypass access restriction to gain unauthorized access.