A critical code injection vulnerability in Mesalvo Meona allows an attacker to execute arbitrary code on the systems of other connected users.

This is a code injection vulnerability affecting both the Client Launcher and Server components. It enables an attacker to influence the generation of code, which is then executed on the systems of other users.

Successful exploitation allows for cross-user code execution, leading to potential lateral movement, data theft, or compromise of connected workstations. With a CVSS score of 9.0, this represents a major risk to the security of the Meona application environment.

Immediate Action: Update both the Mesalvo Meona Client Launcher and Server components to the latest version.

Proactive Monitoring: Review application logs for suspicious activity or attempts to inject unexpected code into the system environment.

Compensating Controls: Limit access to the Meona environment to authorized users only and implement endpoint protection to detect and block unauthorized process execution.

Public Exploit Available: false

Given the ability to execute code across user sessions, immediate patching of both client and server components is mandatory. Administrators must ensure all instances are brought up to the latest secure version to prevent cross-user exploitation.