What is CVE-2020-37017?

CVE-2020-37017 is a high-severity vulnerability in Wibu Codemeter, classified under Unquoted Search Path or Element. CVSS score: 7.8/10. Published 2026-01-29.

How severe is CVE-2020-37017?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Wibu Codemeter

CVE-2020-37017

CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server se…

EPSS: 0.000 (6.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Wibu Codemeter — versions 6.60

Weakness classification (CWE)

CWE-428 — Unquoted Search Path or Element

References

ExploitDB-48735 (exploit)
CodeMeter Runtime Product Homepage (product)
VulnCheck Advisory: CodeMeter 6.60 - 'CodeMeter.exe' Unquoted Service Path (third-party-advisory)

Frequently asked questions

What is CVE-2020-37017?: CVE-2020-37017 is a high-severity vulnerability in Wibu Codemeter, classified under Unquoted Search Path or Element. CVSS score: 7.8/10. Published 2026-01-29.
How severe is CVE-2020-37017?: High severity. CVSS v3 base score is 7.8 out of 10.