CVE-2023-43687
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-14
Last updated on: 2025-08-15
Assigner: MITRE
Description
Description
An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). There is a Race condition that leads to code execution because of a lack of locks between file verification and execution.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| malwarebytes | nebula | * |
| malwarebytes | malwarebytes | 5.1.5.116 |
| malwarebytes | malwarebytes | 4.6.14.326 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-421 | The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a race condition in Malwarebytes versions before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). It occurs due to a lack of proper locking mechanisms between file verification and execution, which can lead to unintended code execution.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to execute arbitrary code on the affected system by exploiting the race condition between file verification and execution, potentially compromising system security.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70