CVE-2020-37129
Published: 05 February 2026
Summary
CVE-2020-37129 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in Memuplay (inferred from references). Its CVSS base score is 8.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Services File Permissions Weakness (T1574.010); ranked at the 25.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-34 (Non-modifiable Executable Programs).
Deeper analysis
CVE-2020-37129 is an insecure folder permissions vulnerability (CWE-276) affecting Memu Play version 7.1.3, a Windows-based Android emulator. The flaw enables low-privileged users to modify the MemuService.exe executable due to unrestricted file modification permissions in its folder. This critical issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), highlighting its high severity and potential for remote exploitation without authentication or user interaction.
Low-privileged users with local access to the system can exploit this vulnerability by replacing the legitimate MemuService.exe with a malicious executable. Upon system restart, the tampered service runs with SYSTEM-level privileges, allowing attackers to achieve full compromise of the host machine, including unauthorized access to sensitive data, execution of arbitrary code, and persistence mechanisms.
Advisories and related resources, including the VulnCheck advisory at https://www.vulncheck.com/advisories/memu-play-insecure-folder-permissions, the vendor site at https://www.memuplay.com/, and a proof-of-concept exploit at https://www.exploit-db.com/exploits/48283, provide further details on the issue. Practitioners should consult these for recommended mitigations, such as updating to a patched version of Memu Play or applying restrictive folder permissions to prevent unauthorized modifications.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-31025
Vulnerability details
Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can replace the service executable with a malicious file during system restart to gain SYSTEM-level privileges by exploiting unrestricted file modification…
more
permissions.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Insecure folder permissions on MemuService.exe directly match Services File Permissions Weakness (T1574.010), enabling binary replacement for SYSTEM-level execution via the Windows service (T1543.003) and resulting in privilege escalation (T1068).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Enforces approved access authorizations on files and folders, preventing low-privileged users from modifying the MemuService.exe executable.
Prevents unauthorized modification of critical executable programs like MemuService.exe that run with SYSTEM privileges.
Remediates the insecure folder permissions flaw by applying vendor patches or fixes to eliminate the vulnerability.