Cyber Resilience

CVE-2024-41787

Critical

Published: 10 January 2025

Published
10 January 2025
Modified
20 August 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0003 9.8th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-41787 is a critical-severity Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) vulnerability in Ibm Doors Next. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 9.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and SI-2 (Flaw Remediation).

Deeper analysis

IBM Engineering Requirements Management DOORS Next versions 7.0.2 and 7.0.3 are affected by CVE-2024-41787, a critical vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) stemming from a race condition (CWE-367). This flaw enables a remote attacker to bypass security restrictions by sending a specially crafted request, potentially leading to remote code execution.

The vulnerability can be exploited by any unauthenticated remote attacker over the network with low complexity and no user interaction required. Successful exploitation grants high-impact access, allowing the attacker to achieve full confidentiality, integrity, and availability compromise on the targeted system.

For mitigation details, refer to the official IBM advisory at https://www.ibm.com/support/pages/node/7180636, which outlines available patches and remediation steps.

EU & UK References

Vulnerability details

IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Unauthenticated remote code execution via crafted request against public-facing IBM DOORS Next web application directly matches exploitation of public-facing applications for initial access.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-8633Same vendor: Ibm
CVE-2025-0159Same vendor: Ibm
CVE-2023-49886Same vendor: Ibm
CVE-2026-1343Same vendor: Ibm
CVE-2026-8620Same vendor: Ibm
CVE-2024-39750Same vendor: Ibm
CVE-2026-9170Same vendor: Ibm
CVE-2026-3366Same vendor: Ibm
CVE-2026-8175Same vendor: Ibm
CVE-2025-36379Same vendor: Ibm

Affected Assets

ibm
doors next
7.0.2, 7.0.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the race condition vulnerability by applying vendor patches as specified in the IBM advisory.

prevent

Implements a reference monitor that ensures complete mediation without time-of-check-to-time-of-use race conditions allowing security bypass.

prevent

Validates specially crafted requests to mitigate exploitation attempts targeting the race condition.

References