CVE-2024-45257
Published: 08 May 2026
Summary
CVE-2024-45257 is a high-severity Command Injection (CWE-77) vulnerability in Chebuya (inferred from references). Its CVSS base score is 7.3 (High).
Operationally, it is ranked in the top 1.7% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
CVE-2024-45257 is a command injection vulnerability in BYOB (Build Your Own Botnet) version 2.0 that affects the payload build page. The flaw resides in the freeze function within core/generators.py and permits arbitrary command execution on the server when an attacker supplies a crafted build parameter. It carries a CVSS 3.1 base score of 7.3 and is classified under CWE-77.
Unauthenticated remote attackers can exploit the issue over the network without requiring credentials or user interaction. Successful exploitation grants the ability to run arbitrary commands on the underlying server, resulting in partial impacts to confidentiality, integrity, and availability.
Public references include a detailed technical write-up, the upstream BYOB repository, and a Metasploit module that implements the attack. The associated EPSS score currently stands at 0.5902 with a recorded peak of 0.5955, indicating sustained exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-55569
Vulnerability details
A Command Injection issue in the payload build page in BYOB (Build Your Own Botnet) 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.