Cyber Posture

CVE-2024-12088 (Medium)

Published: 14 January 2025
Modified: 14 April 2026
KEV Added: not listed
Patch: available (see the Red Hat advisories below)
CVSS Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
EPSS Score: 0.0289 (86.4th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-12088 is a medium-severity Path Traversal (CWE-22) vulnerability in rsync as shipped with Red Hat Enterprise Linux. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Ingress Tool Transfer (T1105). The CVE ranks in the top 13.6% of CVEs by exploit likelihood (EPSS) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Ingress Tool Transfer (T1105) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): Timely flaw remediation through patching rsync directly eliminates the path traversal vulnerability exploited via crafted symbolic links.

SI-10 Information Input Validation (prevent): Information input validation ensures rsync properly checks symbolic link destinations to block path traversal outside the intended directory.

AC-6 Least Privilege (prevent): Least privilege limits the scope of arbitrary file writes by running the rsync client with minimal permissions, reducing potential damage.

MITRE ATT&CK Enterprise Techniques

T1105 Ingress Tool Transfer (Command and Control): Adversaries may transfer tools or other files from an external system into a compromised environment.
T1608.001 Upload Malware (Resource Development): Adversaries may upload malware to third-party or adversary-controlled infrastructure to make it accessible during targeting.
T1608.002 Upload Tool (Resource Development): Adversaries may upload tools to third-party or adversary-controlled infrastructure to make it accessible during targeting.
Why these techniques?

The path traversal vulnerability in the rsync client (bypassing --safe-links via nested symlinks) allows a malicious rsync server to write arbitrary files outside the intended directory, enabling ingress tool transfer and staging of malware/tools on the victim system.

NVD Description

A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.

Deeper analysis

CVE-2024-12088 is a path traversal vulnerability (CWE-22) in the rsync client. When the --safe-links option is used, the client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This flaw may lead to arbitrary file writes outside the desired directory. The vulnerability has a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) and was published on 2025-01-14.

A remote attacker with no privileges can exploit this vulnerability by controlling an rsync server and sending specially crafted symbolic links to a client using the --safe-links option during a file transfer. Exploitation requires user interaction, such as initiating the rsync client command to pull files from the malicious server. Successful attacks allow the attacker to achieve high-impact integrity violations by writing files to arbitrary locations on the client's filesystem.
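As an added, defender-side illustration (not part of this advisory or of rsync's own code), the script below shows why a one-level look at a symlink's literal target is not enough: it builds a constructed destination tree in which one link's target passes through another symlink, then contrasts that naive check with a full-resolution audit a defender can run over a synced directory after a pull. The function names, the sample paths and the layout are this example's own assumptions.

```python
import os
import tempfile

def _inside(path, root):
    """True if path is root itself or lies beneath root."""
    return path == root or path.startswith(root + os.sep)

def literal_target_inside(link, root):
    """One-level check: normalise the link's literal target against the link's
    own directory WITHOUT resolving any symlink that appears inside that target.
    A target that routes through another symlink slips past this check."""
    target = os.readlink(link)
    joined = os.path.normpath(os.path.join(os.path.dirname(link), target))
    return _inside(joined, os.path.normpath(root))

def find_escaping_symlinks(root):
    """Walk root and return (sorted, root-relative) the symlinks whose fully
    resolved destination, every intermediate symlink followed, lies outside
    root. os.walk does not descend into symlinked directories, so each link is
    examined exactly once."""
    root = os.path.realpath(root)
    escaping = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) and not _inside(os.path.realpath(path), root):
                escaping.append(os.path.relpath(path, root))
    return sorted(escaping)

def build_sample_tree():
    """Constructed sample destination (not taken from any real transfer): one
    benign link, one link that leaves the root directly, and one whose target
    looks internal but passes through that escaping link."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "dest")
    os.makedirs(os.path.join(root, "data"))
    os.makedirs(os.path.join(base, "elsewhere"))
    open(os.path.join(root, "data", "file.txt"), "w").close()
    os.symlink("data/file.txt", os.path.join(root, "safe"))  # stays inside dest/
    os.symlink("../elsewhere", os.path.join(root, "jump"))   # leaves dest/
    os.symlink("jump/x", os.path.join(root, "hop"))          # nested: routes via jump
    return root

if __name__ == "__main__":
    root = build_sample_tree()
    print("naive check on hop says inside:", literal_target_inside(os.path.join(root, "hop"), root))
    print("fully resolved escaping links:", find_escaping_symlinks(root))
```

Running it reports that the naive check accepts `hop` while the full-resolution audit flags both `hop` and `jump`; only the latter result should be trusted when checking a destination tree.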

Red Hat has issued multiple advisories addressing this issue, including RHBA-2025:6470, RHSA-2025:2600, RHSA-2025:7050, and RHSA-2025:8385. Further details on the vulnerability and mitigations are available at https://access.redhat.com/security/cve/CVE-2024-12088.

Details

CWE(s): CWE-22 (Path Traversal)

Affected Products (vendor / product: versions)

samba / rsync: ≤ 3.3.0
redhat / discovery: 1.14
redhat / openshift container platform: 4.0
redhat / enterprise linux: 6.0, 7.0, 8.0, 9.0, 10.0
redhat / enterprise linux eus: 9.6
redhat / enterprise linux for arm 64: 8.0_aarch64, 9.0_aarch64
redhat / enterprise linux for arm 64 eus: 9.6_aarch64
redhat / enterprise linux for ibm z systems: 8.0_s390x, 9.0_s390x
redhat / enterprise linux for ibm z systems eus: 9.6_s390x
redhat / enterprise linux for power little endian: 8.0_ppc64le, 9.0_ppc64le
+10 more product configuration(s); see NVD for the full list

CVEs Like This One

CVE-2024-12087 (same product: Almalinux Almalinux)
CVE-2024-12085 (same product: Almalinux Almalinux)
CVE-2024-12084 (same product: Almalinux Almalinux)
CVE-2025-2363 (shared CWE-22)
CVE-2026-27699 (shared CWE-22)
CVE-2026-20660 (shared CWE-22)
CVE-2026-23535 (shared CWE-22)
CVE-2026-33236 (shared CWE-22)
CVE-2026-39305 (shared CWE-22)
CVE-2026-39308 (shared CWE-22)

References