CVE-2020-37140

low-risk
Published 2026-02-05

Everest, later referred to as AIDA64, 5.50.2100 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating file open functionality. Attackers can generate a 450-byte buffer of repeated characters and paste it into the file open dialog to trigger an application crash.

Do I need to act?

-
0.01% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Aida64

Affected Vendors

Aida64

References (3)

Product https://web.archive.org/web/20191223010612/https://www.aida64.com/
Exploit https://www.exploit-db.com/exploits/48259
Third Party Advisory https://www.vulncheck.com/advisories/everest-open-file-denial-of-service
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal