Does a CVE affect MetaDefender Core?

In today's rapidly evolving digital landscape, understanding the impact of security vulnerabilities is more crucial than ever. The Common Vulnerabilities and Exposures (CVE) list is an invaluable resource for identifying potential security risks associated with software products. This article provides a comprehensive overview of various CVEs, helping you determine whether MetaDefender Core is affected. By staying informed about these vulnerabilities, you can take proactive measures to protect your systems and data from potential threats.

CVE

Summary

CVE-2024-32113

CVE-2024-32113 is the vulnerability of Apache OFBiz which we don't use in MetaDefender Core

CVE-2024-38856

CVE-2024-32113 is the vulnerability of Apache OFBiz which we don't use in MetaDefender Core

CVE-2024-4367

CVE-2024-4367 does not impact MetaDefender Core

CVE-2024-34342

CVE-2024-34342 does not impact MetaDefender Core

CVE-2024-40725

MetaDefender Core does not use Apache HTTP Server and is not affected by CVE-2024-40725

CVE-2024-40898

MetaDefender Core does not use Apache HTTP Server and is not affected by CVE-2024-40898

CVE-2024-27348

MetaDefender Core does not utilize Apache HugeGraph-Server in its architecture. As a result, it is not susceptible to the CVE-2024-27348 vulnerability

CVE-2018-25103

MetaDefender Core does not use lighttpd, it is not affected by the vulnerabilities identified in CVE-2018-25103

CVE-2024-4603

MetaDefender Core does not use either EVP_PKEY_param_check() or EVP_PKEY_public_check() hence it's not affected by CVE-2024-4603

CVE-2023-46589

MetaDefender Coredoes not use Tomcat, so the product is not impacted by the CVE

CVE-2023-50164

MetaDefender Coreis not built on Apache Struts which is affected by this CVE

CVE-2022-21724

CVE-2022-21724 is not used by MetaDefender Core to make connections to Postgres, so the product is not impacted by the CVE

CVE 2018-2894

MetaDefender Core doesn’t use Java, so this CVE doesn’t impact the product

CVE-2024-38819

MetaDefender Core doesn’t use this framework, so this CVE doesn’t impact the product

CVE-2024-7348

Since MetaDefender Core 5.11.1, we upgraded Postgres to a newer version to address this CVE

CVE-2024-3566

Although MetaDefender Core executes another programs (Nginx, engine processes, engine installation scripts), we do not pass any user-input arguments to these programs. We are not affected by this CVE.

CVE-2024-27980

MetaDefender Core does not use Node.js so it's not affected

CVE-2024-24576

MetaDefender Core does not use Rust in its code so it's not affected

CVE-2024-10979

MetaDefender Core does not use PL/Perl and PL/Python so it's not affected

CVE-2018-15133

MetaDefender Core does not use PHP and Laravel so it's not affected

CVE-2023-40581

CVE-2023-40581 affects yt-dlp, it does not impact MetaDefender Core functionality

CVE-2024-1874

MetaDefender Core does not use PHP so it's not affected

CVE-2025-0411

This vulnerability only affects the GUI version of 7-Zip. Exploitation requires a user to manually open a malicious archive in 7-Zip File Manager and execute a file inside. Since MetaDefender Core’s Archive Engine does not utilize the GUI version of 7-Zip, it is not affected by this CVE

CVE-2024-4577

MetaDefender Core does not use PHP-CGI so it's not affected

CVE-2019-9082

MetaDefender Core does not use ThinkPHP so it's not affected

CVE-2024-21235 CVE-2024-21210 CVE-2024-21217 CVE-2024-21208 CVE-2024-21147 CVE-2024-21144 CVE-2024-21145 CVE-2024-21138 CVE-2024-21131 CVE-2024-21140

MetaDefender Core does not rely on Amazon Corretto JRE or Java as a dependency; therefore, these vulnerabilities do not affect the product. If the Sandbox engine is installed and relies on Amazon Corretto JRE, we strongly recommend upgrading to Amazon Corretto 17 to ensure system security and compatibility. Please follow this article for more information : How to upgrade Amazon Corretto JRE?

CVE-2025-21298

MetaDefender Core itself is not affected by this CVE, but we cannot confirm the same for the engines running inside MetaDefender Core. According to National Vulnerability Database, this CVE affects Windows OS. It is recommended that the users apply the latest security updates to patch this CVE if the user is on the following OS:

  • Windows 10

  • Windows 11 23H2

  • Windows Server 2016, 2019, 2022

Support:

If Further Assistance is required, please proceed to log a support case or chat with our support engineer.