Cyber Posture

CVE-2020-37129

Critical · Public PoC

Published: 05 February 2026

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (3.4th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2020-37129 is a critical-severity Incorrect Default Permissions (CWE-276) vulnerability in Memuplay (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, it is ranked at the 3.4th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-34 (Non-modifiable Executable Programs).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Enforces approved access authorizations on files and folders, preventing low-privileged users from modifying the MemuService.exe executable.

prevent

Prevents unauthorized modification of critical executable programs like MemuService.exe that run with SYSTEM privileges.

prevent

Remediates the insecure folder permissions flaw by applying vendor patches or fixes to eliminate the vulnerability.

NVD Description

Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can replace the service executable with a malicious file during system restart to gain SYSTEM-level privileges by exploiting unrestricted file modification permissions.

Deeper analysis (AI)

CVE-2020-37129 is an insecure folder permissions vulnerability (CWE-276) affecting Memu Play version 7.1.3, a Windows-based Android emulator. Unrestricted file modification permissions on the folder that holds MemuService.exe let low-privileged users modify the executable. The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), a vector that rates it as remotely exploitable without authentication or user interaction, although the attack described in the NVD text starts from a low-privileged user who can write to that folder.

Low-privileged users with local access to the system can exploit this vulnerability by replacing the legitimate MemuService.exe with a malicious executable. Upon system restart, the tampered service runs with SYSTEM-level privileges, allowing attackers to achieve full compromise of the host machine, including unauthorized access to sensitive data, execution of arbitrary code, and persistence mechanisms.

Advisories and related resources, including the VulnCheck advisory at https://www.vulncheck.com/advisories/memu-play-insecure-folder-permissions, the vendor site at https://www.memuplay.com/, and a proof-of-concept exploit at https://www.exploit-db.com/exploits/48283, provide further details on the issue. Practitioners should consult these for recommended mitigations, such as updating to a patched version of Memu Play or applying restrictive folder permissions to prevent unauthorized modifications.
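One way to check a host for the condition described above, and to confirm that restrictive folder permissions are in place afterwards, as an added example (not code from the advisory, the vendor, or the referenced proof-of-concept). It reads the executable path from the service registration and reports ACL entries that give common low-privileged groups write-type rights on the executable or its folder; the name filter, the group list and the rights mask are assumptions of this example.

```powershell
# Added example: report service binaries (and their folders) writable by low-privileged groups.
# Assumption: the filter matches the executable name given in the NVD text; the path is not hard-coded.
param([string]$NamePattern = '*MemuService.exe*')

# Write-type bits only (no read/execute bits), plus raw GENERIC_ALL / GENERIC_WRITE values.
$writeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask   = [int]$writeRights -bor 0x10000000 -bor 0x40000000

# Well-known low-privileged groups, keyed by SID so the check works on localized Windows.
$lowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

function Get-ServiceBinaryPath([string]$PathName) {
    # The registered path may be quoted and may carry arguments; keep only the executable.
    if ($PathName -match '^\s*"([^"]+)"')     { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)\b')  { return $Matches[1] }
    return $null
}

function Test-WeakAcl([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and $lowPrivSids.ContainsKey($sid) -and
            ([int]$ace.FileSystemRights -band $writeMask)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $lowPrivSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -like $NamePattern } |
    ForEach-Object {
        $exe = Get-ServiceBinaryPath $_.PathName
        if ($exe) {
            Test-WeakAcl $exe                       # the service executable itself
            Test-WeakAcl (Split-Path -Parent $exe)  # its folder, where the weak default applies
        }
    }
```

An empty result means none of the listed groups hold write-type rights on those two objects; rights granted to individual accounts or custom groups are outside what this check covers.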

Details

CWE(s)

Affected Products

Memuplay
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2025-24107 (Shared CWE-276)
CVE-2024-53841 (Shared CWE-276)
CVE-2024-43166 (Shared CWE-276)
CVE-2021-47852 (Shared CWE-276)
CVE-2026-32983 (Shared CWE-276)
CVE-2024-53840 (Shared CWE-276)
CVE-2025-24172 (Shared CWE-276)
CVE-2025-24093 (Shared CWE-276)
CVE-2024-11468 (Shared CWE-276)
CVE-2024-55959 (Shared CWE-276)
