Cyber Resilience

CVE-2024-45257

High · Public PoC

Published: 08 May 2026

Modified: 08 May 2026
CVSS Score v3.1: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.5902 (98.3rd percentile)
Risk Priority: 50 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-45257 is a high-severity Command Injection (CWE-77) vulnerability in Chebuya (inferred from references). Its CVSS base score is 7.3 (High).

Operationally, it ranks in the top 1.7% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

CVE-2024-45257 is a command injection vulnerability in BYOB (Build Your Own Botnet) version 2.0 that affects the payload build page. The flaw resides in the freeze function within core/generators.py and permits arbitrary command execution on the server when an attacker supplies a crafted build parameter. It carries a CVSS 3.1 base score of 7.3 and is classified under CWE-77.

Unauthenticated remote attackers can exploit the issue over the network without requiring credentials or user interaction. Successful exploitation grants the ability to run arbitrary commands on the underlying server, resulting in partial impacts to confidentiality, integrity, and availability.

Public references include a detailed technical write-up, the upstream BYOB repository, and a Metasploit module that implements the attack. The associated EPSS score currently stands at 0.5902 with a recorded peak of 0.5955, indicating sustained exploitation interest following disclosure.

Vulnerability details

A Command Injection issue in the payload build page in BYOB (Build Your Own Botnet) 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py.

CWE(s)

CWE-77 (Command Injection)

CVEs Like This One

CVE-2025-67397 (shared CWE-77)
CVE-2026-4048 (shared CWE-77)
CVE-2026-31059 (shared CWE-77)
CVE-2026-22284 (shared CWE-77)
CVE-2024-39783 (shared CWE-77)
CVE-2025-57199 (shared CWE-77)
CVE-2024-55030 (shared CWE-77)
CVE-2024-57536 (shared CWE-77)
CVE-2025-34267 (shared CWE-77)
CVE-2026-30898 (shared CWE-77)

Affected Assets

Chebuya (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References