CVE-2024-25153

{"id": "CVE-2024-25153", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-03-13T15:15:50.913", "references": [{"url": "https://filecatalyst.software/public/filecatalyst/Workflow/5.1.6.114/fcweb_releasenotes.html", "tags": ["Release Notes"], "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff"}, {"url": "https://www.fortra.com/security/advisory/fi-2024-002", "tags": ["Vendor Advisory"], "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff"}, {"url": "https://filecatalyst.software/public/filecatalyst/Workflow/5.1.6.114/fcweb_releasenotes.html", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.fortra.com/security/advisory/fi-2024-002", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/nettitude/CVE-2024-25153/blob/master/CVE-2024-25153.py", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "description": [{"lang": "en", "value": "CWE-472"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-668"}]}], "descriptions": [{"lang": "en", "value": "A directory traversal within the \u2018ftpservlet\u2019 of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended \u2018uploadtemp\u2019 directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal\u2019s DocumentRoot, specially crafted JSP files could be used to execute code, including web shells."}, {"lang": "es", "value": "Un directory traversal dentro del 'ftpservlet' de FileCatalyst Workflow Web Portal permite cargar archivos fuera del directorio 'uploadtemp' previsto con una solicitud POST especialmente manipulada. En situaciones en las que un archivo se carga correctamente en DocumentRoot del portal web, se pueden utilizar archivos JSP especialmente manipulados para ejecutar c\u00f3digo, incluidos los shells web."}], "lastModified": "2025-09-19T13:15:42.337", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortra:filecatalyst_workflow:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC2A7572-B5E1-443B-A63D-FFC98EDD8224", "versionEndExcluding": "5.1.6", "versionStartIncluding": "5.0"}, {"criteria": "cpe:2.3:a:fortra:filecatalyst_workflow:5.1.6:build112:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C338109-0CF4-4212-BF34-A3ECBEC7FDA2"}], "operator": "OR"}]}], "sourceIdentifier": "df4dee71-de3a-4139-9588-11b62fe6c0ff"}