CVE-2023-25953

9.8 CRITICAL

📋 TL;DR

A code injection vulnerability in LINE WORKS Drive Explorer for macOS allows authenticated attackers to execute arbitrary code with full disk access privileges. This affects macOS users running Drive Explorer version 3.5.4 or earlier. Successful exploitation could lead to complete system compromise.

💻 Affected Systems

Products:
  • LINE WORKS Drive Explorer
Versions: 3.5.4 and earlier
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires attacker to have login access to the macOS client where Drive Explorer is installed.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker gains full system control, reads/writes all files, installs persistent malware, and accesses sensitive data across the entire disk.

🟠 Likely Case

Attacker with client access executes malicious code to steal files, install backdoors, or pivot to other systems on the network.

🟢 If Mitigated

Limited to authenticated users only; proper privilege separation and network segmentation reduce lateral movement potential.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access to the client system; no public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.5.5 or later

Vendor Advisory: https://line.worksmobile.com/jp/release-notes/20230216/

Restart Required: Yes

Instructions:

1. Open LINE WORKS Drive Explorer.
2. Check for updates via the application menu.
3. Install version 3.5.5 or later.
4. Restart the application.

🔧 Temporary Workarounds

Disable or Uninstall Drive Explorer

macOS

Remove the vulnerable application until patching is possible.

sudo rm -rf /Applications/Drive\ Explorer.app

Restrict Application Privileges

macOS

Remove full disk access from Drive Explorer in System Settings.

🧯 If You Can't Patch

  • Restrict user access to macOS systems with Drive Explorer installed.
  • Implement application allowlisting to prevent unauthorized code execution.

🔍 How to Verify

Check if Vulnerable:

Check Drive Explorer version in 'About Drive Explorer' menu; if version is 3.5.4 or earlier, it is vulnerable.

Check Version:

defaults read /Applications/Drive\ Explorer.app/Contents/Info.plist CFBundleShortVersionString

Verify Fix Applied:

Confirm version is 3.5.5 or later in the 'About Drive Explorer' menu.
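As an added check that is not part of this advisory or of the vendor's software: a POSIX shell script that takes the version string returned by the `defaults read` command above (same Info.plist path) and compares it numerically against the fixed release, so an inventory job gets a pass/fail verdict instead of a string to eyeball. A plain string comparison would misorder a future "3.5.10" against "3.5.5", which is why the components are compared as integers. The `--run` flag, the function names, and the `3.5.4` sample used when the app is not installed are assumptions of this example.

```shell
#!/bin/sh
# Added example for CVE-2023-25953 (not vendor code): decide whether an
# installed Drive Explorer version falls in the affected range
# (3.5.4 and earlier; fixed in 3.5.5, per the advisory).
FIXED_VERSION="3.5.5"
PLIST="/Applications/Drive Explorer.app/Contents/Info.plist"   # path from the advisory

# version_lt A B: succeed (exit 0) when dot-separated version A is lower than B.
# Components are compared as integers; missing components count as 0,
# so "3.5" is treated as "3.5.0" and "3.5.10" sorts above "3.5.5".
version_lt() {
  lhs=$1; rhs=$2
  old_ifs=$IFS; IFS=.
  set -- $lhs; a1=${1:-0}; a2=${2:-0}; a3=${3:-0}
  set -- $rhs; b1=${1:-0}; b2=${2:-0}; b3=${3:-0}
  IFS=$old_ifs
  [ "$a1" -lt "$b1" ] && return 0
  [ "$a1" -gt "$b1" ] && return 1
  [ "$a2" -lt "$b2" ] && return 0
  [ "$a2" -gt "$b2" ] && return 1
  [ "$a3" -lt "$b3" ]
}

# is_vulnerable VERSION: succeed when VERSION is below the fixed release.
is_vulnerable() {
  version_lt "$1" "$FIXED_VERSION"
}

# installed_version: print CFBundleShortVersionString from the app bundle.
# Fails quietly when the bundle or the macOS `defaults` tool is absent.
installed_version() {
  [ -f "$PLIST" ] && command -v defaults >/dev/null 2>&1 || return 1
  defaults read "$PLIST" CFBundleShortVersionString
}

# report VERSION: one-line verdict suitable for a fleet inventory log.
report() {
  if is_vulnerable "$1"; then
    printf 'Drive Explorer %s: VULNERABLE (update to %s or later)\n' "$1" "$FIXED_VERSION"
  else
    printf 'Drive Explorer %s: fixed\n' "$1"
  fi
}

# Invoke as `sh check_drive_explorer.sh --run` (hypothetical filename).
# Uses the installed version when present; otherwise falls back to a
# constructed sample value so the logic can be exercised off-box.
if [ "${1:-}" = "--run" ]; then
  v=$(installed_version) || v="3.5.4"   # constructed sample version
  report "$v"
fi
```

The `--run` guard keeps the functions sourceable from another script; an exit status from `is_vulnerable` is what a configuration-management check should key on, since the printed line is for humans.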

📡 Detection & Monitoring

Log Indicators:

  • Unusual process execution from Drive Explorer
  • File access patterns outside normal Drive Explorer operations

Network Indicators:

  • Unexpected outbound connections from systems with Drive Explorer

SIEM Query:

process_name:"Drive Explorer" AND (process_args:contains("sh") OR process_args:contains("bash"))
