CVE-2024-32399

High

Published: 22 April 2024

Modified: 15 April 2026
KEV Added: not listed
Patch: none listed
CVSS Score v3.1: 7.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L)
EPSS Score: 0.8351 (99.3rd percentile)
Risk Priority: 65 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-32399 is a high-severity Path Traversal (CWE-22) vulnerability. Its CVSS base score is 7.6 (High).

Operationally, it ranks in the top 0.7% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2024-32399 is a directory traversal vulnerability, tracked as CWE-22, that affects RaidenMAILD Mail Server versions 4.9.4 and earlier. The flaw resides in the /webeditor/ component and permits remote attackers to access sensitive files on the server.

An attacker with low-privileged network access can exploit the issue by sending a crafted request that traverses directories, resulting in disclosure of sensitive information. The CVSS 3.1 vector AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L indicates that successful exploitation can produce high confidentiality and integrity impact with limited availability consequences, though user interaction is required.

Public references consist of GitHub repositories containing proof-of-concept material, but no vendor advisory or patch information is provided in the available sources. The EPSS score has reached a current value of 0.8351 with a recorded peak of 0.8526, indicating sustained exploitation interest following disclosure.
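Because no patch information is available, reviewing web access logs for traversal attempts against the /webeditor/ component is a practical detection step. The following is an added example, not code from the vendor or from this page's sources: it assumes Combined Log Format style request lines, and the sample log lines, file names and the `view?file=` parameter are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request field as found in Combined Log Format: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
COMPONENT = "/webeditor/"   # component named in the CVE description
MAX_DECODE_ROUNDS = 3       # unwrap double or triple percent-encoding

def fully_decode(target: str) -> str:
    """Percent-decode repeatedly so %252e%252e is seen as '..'."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/")  # treat Windows separators like '/'

def is_suspicious(target: str) -> bool:
    """True if a request to the component carries a '..' path segment."""
    decoded = fully_decode(target).lower()
    if COMPONENT not in decoded:
        return False
    # Check path and query string: file names may be passed as parameters.
    segments = re.split(r"[/?&=]", decoded)
    return ".." in segments

def scan(lines):
    """Return (line_number, target) for each flagged log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and is_suspicious(match.group("target")):
            hits.append((number, match.group("target")))
    return hits

# Constructed sample log lines (documentation addresses, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/May/2024:10:00:01 +0000] "GET /webeditor/index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/May/2024:10:00:02 +0000] "GET /webeditor/../example.txt HTTP/1.1" 200 88',
    '192.0.2.12 - - [01/May/2024:10:00:03 +0000] "GET /webeditor/%2e%2e%5cexample.txt HTTP/1.1" 200 88',
    '192.0.2.13 - - [01/May/2024:10:00:04 +0000] "GET /webeditor/view?file=%252e%252e/example.txt HTTP/1.1" 404 0',
    '192.0.2.14 - - [01/May/2024:10:00:05 +0000] "GET /webmail/notes..txt HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for number, target in scan(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

A flagged line that returned status 200 deserves priority review, since the server answered the request rather than rejecting it.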

Vulnerability details

Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Mitigating Controls

Likely Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.
