Cyber Resilience

CVE-2024-44373

Critical

Published: 19 August 2025

Published
19 August 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0157 81.9th percentile
Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-44373 is a critical-severity Path Traversal (CWE-22) vulnerability in Wordpress (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 18.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-44373 is a path traversal vulnerability (CWE-22) affecting AllSky software versions from v2023.05.01 through v2024.12.06_06. The flaw resides in the /includes/save_file.php endpoint, where the path and content parameters are improperly handled, enabling an unauthenticated attacker to write arbitrary files. This leads to the creation of a webshell and subsequent remote code execution. The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), classifying it as critical.

Any unauthenticated attacker with network access can exploit this vulnerability due to its low complexity and lack of prerequisites. By crafting malicious requests to the vulnerable endpoint, the attacker can upload a webshell, gaining persistent remote code execution on the affected AllSky instance. This could allow full server compromise, including data exfiltration, lateral movement, or further persistence.

Advisories and references, including the research post at gh0stmezh.wordpress.com, the AllSky GitHub repository, the specific save_file.php source code, and a Notion page detailing the CVE, provide additional technical analysis. Security practitioners should review these for patch status or workarounds, as no specific mitigation details are outlined in the core CVE description.

EU & UK References

Vulnerability details

A Path Traversal vulnerability in AllSky v2023.05.01 through v2024.12.06_06 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to /includes/save_file.php.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Path traversal on public-facing web endpoint enables unauthenticated arbitrary file write for webshell deployment and RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-1661Shared CWE-22
CVE-2026-33529Shared CWE-22
CVE-2026-9550Shared CWE-22
CVE-2019-25471Shared CWE-22
CVE-2024-11642Shared CWE-22
CVE-2025-67684Shared CWE-22
CVE-2025-41758Shared CWE-22
CVE-2025-12382Shared CWE-22
CVE-2025-54446Shared CWE-22
CVE-2026-39844Shared CWE-22

Affected Assets

Wordpress
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires validation of path and content parameters at input interfaces to directly block path traversal exploitation in save_file.php.

prevent

Implements a reference monitor to enforce file access policies, preventing unauthorized writes to arbitrary paths targeted by traversal attacks.

preventdetect

Boundary protection at web interfaces filters malicious path traversal payloads and monitors unauthenticated requests to the vulnerable endpoint.

References