Cyber Resilience

CVE-2024-35532

Severity: Critical
Published: 07 January 2025
Modified: 15 April 2026
KEV Added: not listed
CVSS Score v3.1: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
EPSS Score: 0.0012 (29.9th percentile)
Risk Priority: 18 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-35532 is a critical-severity Out-of-bounds Read (CWE-125) vulnerability in Intersec Geosafe-ea (inferred from references). Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS ranking places it at the 29.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-35532 is an XML External Entity (XXE) injection vulnerability in Intersec Geosafe-ea versions 2022.12, 2022.13, and 2022.14. Published on 2025-01-07, it carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) and is linked to CWE-125.

The vulnerability is exploitable remotely over the network with low attack complexity and requires no privileges or user interaction. Successful exploitation allows arbitrary file reading under the privileges of the running process, Server-Side Request Forgery (SSRF) requests, or Denial of Service (DoS) conditions via unspecified vectors.

Mitigation guidance is available in the Post Cyber Labs advisory at https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2024-35532.pdf and on the vendor's public safety page at https://intersec.com/public-safety.

Vulnerability details

An XML External Entity (XXE) injection vulnerability in Intersec Geosafe-ea 2022.12, 2022.13, and 2022.14 allows attackers to perform arbitrary file reading under the privileges of the running process, make SSRF requests, or cause a Denial of Service (DoS) via unspecified vectors.

CWE(s)

CWE-125 Out-of-bounds Read

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

Why these techniques?

XXE directly enables remote exploitation of a public-facing application (T1190) for arbitrary local file reads (T1005) under process privileges, plus SSRF/DoS impact.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-25181 (shared CWE-125)
CVE-2024-48457 (shared CWE-125)
CVE-2025-30347 (shared CWE-125)
CVE-2026-33669 (shared CWE-125)
CVE-2025-55100 (shared CWE-125)
CVE-2025-20916 (shared CWE-125)
CVE-2025-20918 (shared CWE-125)
CVE-2025-54950 (shared CWE-125)
CVE-2026-22855 (shared CWE-125)
CVE-2024-53834 (shared CWE-125)

Affected Assets

Intersec Geosafe-ea (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

SI-2 Flaw Remediation (prevent): Directly addresses the XXE vulnerability by requiring identification, reporting, and patching of the specific flaw in Intersec Geosafe-ea software.

SI-10 Information Input Validation (prevent): Validates XML inputs to detect and block malicious external entity declarations that enable file reading, SSRF, or DoS via XXE.

CM-6 Configuration Settings (prevent): Enforces secure configuration of XML parsers in the affected software to disable external entity processing and DTD resolution.
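The two technical controls above, input validation (SI-10) and hardened parser configuration (CM-6), come down to the same rule for any service that accepts XML from the network: refuse documents that carry a DTD or reference external entities before a parser can expand them. The following is an added example of that rule, written for this page and not taken from the advisory or from Intersec's product. It uses only the Python standard library; the sample documents (the `SAMPLES` dictionary, with placeholder URIs such as `file:///EXAMPLE_PATH`) are constructed for illustration, and the function names `check_no_dtd`, `parse_untrusted` and `triage` are this example's own.

```python
"""Hardened XML intake: reject DTDs and external entities before parsing.

Added example (not from the advisory or the vendor). Standard library only:
xml.parsers.expat does the pre-scan, xml.etree.ElementTree the real parse.
"""
import xml.parsers.expat as expat
import xml.etree.ElementTree as ET


class UnsafeXML(ValueError):
    """Document declares a DTD or an entity, or references an external entity."""


def check_no_dtd(xml_bytes: bytes) -> None:
    """Abort on the first DOCTYPE, entity declaration or external reference.

    The scan runs before the real parse. Expat stops as soon as a handler
    raises, so no entity value is ever expanded and no URI is ever fetched.
    """
    parser = expat.ParserCreate()
    # Never load external parameter entities (external DTD subsets).
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXML(f"DOCTYPE not allowed (root={name!r}, system id={sysid!r})")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeXML(f"entity declaration not allowed: {name!r}")

    def on_external_ref(context, base, sysid, pubid):
        raise UnsafeXML(f"external entity reference not allowed: {sysid!r}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(xml_bytes, True)
    except expat.ExpatError as exc:
        raise ValueError(f"malformed XML: {exc}") from exc


def parse_untrusted(xml_bytes: bytes) -> ET.Element:
    """Validate first (SI-10), then parse a document known to carry no DTD (CM-6)."""
    check_no_dtd(xml_bytes)
    return ET.fromstring(xml_bytes)


def triage(xml_bytes: bytes) -> tuple:
    """Return ('accepted', root tag), ('rejected', reason) or ('malformed', reason)."""
    try:
        return ("accepted", parse_untrusted(xml_bytes).tag)
    except UnsafeXML as exc:
        return ("rejected", str(exc))
    except (ValueError, ET.ParseError) as exc:
        return ("malformed", str(exc))


# Constructed sample inputs for this example (placeholder URIs, not real targets).
SAMPLES = {
    "benign": b'<?xml version="1.0"?><alert><msg>test</msg></alert>',
    # General entity pointing at a local file: the file-read XXE shape.
    "external_entity": (b'<?xml version="1.0"?>'
                        b'<!DOCTYPE alert [<!ENTITY x SYSTEM "file:///EXAMPLE_PATH">]>'
                        b"<alert>&x;</alert>"),
    # External DTD subset fetched over the network: the SSRF XXE shape.
    "external_dtd": b'<!DOCTYPE alert SYSTEM "http://EXAMPLE_HOST/x.dtd"><alert/>',
    # Internal subset only; still rejected, because no DTD is ever needed here.
    "internal_dtd": b'<!DOCTYPE alert [<!ENTITY e "hi">]><alert>&e;</alert>',
    "truncated": b"<alert>",
}


if __name__ == "__main__":
    for label, doc in SAMPLES.items():
        print(f"{label:16} -> {triage(doc)}")
```

Rejecting every DTD, rather than trying to tell harmless declarations from dangerous ones, is the simplest configuration to get right: the accepted documents never reach the entity-expansion code path at all, which also closes the entity-expansion DoS variant the advisory mentions. The same pre-scan can be applied in front of any other parser the application already uses.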
