Cyber Resilience

CVE-2024-32258

High

Published: 23 April 2024

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.5575 (98.1th percentile)
Risk Priority: 51 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-32258 is a high-severity Path Traversal (CWE-22) vulnerability. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 1.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2024-32258 is a path traversal vulnerability (CWE-22) in the network server component of FCEUX 2.7.0, an emulator for Nintendo Entertainment System titles. The flaw permits unauthenticated remote actors to supply a maliciously crafted ROM that traverses the filesystem and overwrites arbitrary files on the host running the server.

An attacker can reach the vulnerable server over the network without credentials or user interaction, achieving full control over file contents. The CVSS 3.1 score of 8.8 reflects the combination of network attack vector, low complexity, and high impact on confidentiality, integrity, and availability.

The current EPSS of 0.5575 matches its recorded peak and shows no material post-disclosure increase. Public references consist of GitHub issue reports and a proof-of-concept repository, but contain no vendor advisory or patch details.

Vulnerability details

The network server of FCEUX 2.7.0 has a path traversal vulnerability that allows attackers to overwrite any file on the server, without authentication, via a fake ROM.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.
