Cyber Resilience

CVE-2024-25153

Critical

Published: 13 March 2024

Published
13 March 2024
Modified
19 September 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.8222 99.2th percentile
Risk Priority 69 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-25153 is a critical-severity External Control of Assumed-Immutable Web Parameter (CWE-472) vulnerability in Fortra Filecatalyst Workflow. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 0.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

A directory traversal vulnerability exists in the ftpservlet component of the FileCatalyst Workflow Web Portal. The flaw permits an attacker to supply a specially crafted POST request that writes uploaded files outside the intended uploadtemp directory and potentially into the web portal’s DocumentRoot. The issue is tracked as CVE-2024-25153, carries a CVSS v3.1 score of 9.8, and is associated with CWE-472 and CWE-668.

An unauthenticated remote attacker can exploit the weakness over the network to place arbitrary files, including malicious JSP payloads, on the server. Successful placement in the DocumentRoot enables execution of the uploaded content, resulting in full code execution such as deployment of web shells and subsequent compromise of the host.

Vendor advisories from Fortra (FI-2024-002) and the FileCatalyst release notes for Workflow 5.1.6.114 describe the corrected build and recommend upgrading the Web Portal to that version to eliminate the traversal flaw.

A publicly available proof-of-concept script has been published on GitHub. The EPSS score for the CVE currently stands at 0.8222 with an identical recorded peak, indicating sustained rather than emerging exploitation interest.

EU & UK References

Vulnerability details

A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s…

more

DocumentRoot, specially crafted JSP files could be used to execute code, including web shells.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

fortra
filecatalyst workflow
5.1.6 · 5.0 — 5.1.6

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-668

Controls whether organization resources are exposed to external system spheres by permitting or prohibiting their use.

addresses: CWE-668

The control ensures information is not released into a security sphere where the recipient lacks matching access authorizations.

addresses: CWE-668

The control ensures information resources are not exposed to the incorrect (public) sphere through review and authorization.

addresses: CWE-668

Protects against data mining that would expose resources to unauthorized spheres by enforcing detection and controls.

addresses: CWE-668

Restricts information flows to ensure resources are not exposed to incorrect or unauthorized spheres.

addresses: CWE-668

Controlling internal connections prevents exposure of resources to unintended internal spheres.

addresses: CWE-668

Knowing exact processing and storage locations helps avoid exposure of resources to incorrect spheres.

addresses: CWE-668

The control prevents exposure of the media resource to the wrong security sphere.

References