Strix
26.1K

CVE-2024-25533

CRITICALCVSS 9.4/10EPSS 0.72%

Last modified

CVE-2024-25533 is a critical-severity vulnerability rated 9.4/10 on the CVSS scale. Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements.. EPSS estimates a 0.72% chance of exploitation in the next 30 days.

Description

Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements.

Metrics

CVSS 3.1
9.4/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

EPSS Probability
0.72%

49.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
RuvarRuvaroa6.01
RuvarRuvaroa12.01

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2024-25533?
Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements.
How severe is CVE-2024-25533?
CVE-2024-25533 has a CVSS score of 9.4/10 (CRITICAL severity). The EPSS model estimates a 0.72% probability of exploitation in the next 30 days.
How do I fix CVE-2024-25533?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-25533?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST