Cyber Resilience

CVE-2024-47051

CriticalRCE

Published: 26 February 2025

Published
26 February 2025
Modified
16 October 2025
KEV Added
Patch
CVSS Score v3.1 9.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
EPSS Score 0.0111 78.5th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-47051 is a critical-severity Relative Path Traversal (CWE-23) vulnerability in Acquia Mautic. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 21.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-47051 covers two critical vulnerabilities in Mautic versions before 5.2.3. The first is a Remote Code Execution (RCE) flaw in the asset upload functionality, stemming from insufficient enforcement of allowed file extensions (CWE-94), which permits attackers to bypass restrictions and upload executable files such as PHP scripts. The second is a Path Traversal vulnerability (CWE-23) in the upload validation process, caused by improper handling of path components, enabling manipulation of the file deletion process.

These issues require low-privilege authenticated access (PR:L) and can be exploited remotely (AV:N) with low complexity (AC:L), no user interaction (UI:N), and scope change (S:C), earning a CVSS v3.1 score of 9.1 (C:H/I:L/A:L). Authenticated attackers could achieve RCE by uploading and executing malicious scripts, potentially compromising confidentiality, or delete arbitrary files via path traversal, disrupting integrity and availability on the host system.

The primary advisory at https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2 details these vulnerabilities, with mitigation achieved by upgrading to Mautic 5.2.3 or later, which enforces proper file extension checks and path handling in upload and deletion processes. Additional context on attack vectors is available in OWASP resources on Code Injection and Path Traversal.

EU & UK References

Vulnerability details

This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users. * Remote Code Execution (RCE) via Asset Upload: A Remote Code Execution vulnerability has been identified in the asset…

more

upload functionality. Insufficient enforcement of allowed file extensions allows an attacker to bypass restrictions and upload executable files, such as PHP scripts. * Path Traversal File Deletion: A Path Traversal vulnerability exists in the upload validation process. Due to improper handling of path components, an authenticated user can manipulate the file deletion process to delete arbitrary files on the host system.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

RCE via malicious file upload to web app directly enables T1190 (exploiting public-facing application) and T1505.003 (web shell deployment/execution).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-3105Same product: Acquia Mautic
CVE-2024-47053Same product: Acquia Mautic
CVE-2025-14472Same vendor: Acquia
CVE-2024-57487Shared CWE-94
CVE-2025-70995Shared CWE-94
CVE-2026-32367Shared CWE-94
CVE-2026-3352Shared CWE-94
CVE-2026-30117Shared CWE-94
CVE-2026-45708Shared CWE-94
CVE-2023-53888Shared CWE-94

Affected Assets

acquia
mautic
≤ 5.2.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates both vulnerabilities by requiring validation of uploaded file extensions and path components to block executable uploads and arbitrary file deletions.

prevent

Addresses the flaws comprehensively by mandating timely identification, testing, and installation of patches such as upgrading to Mautic 5.2.3.

prevent

Restricts insertion of harmful inputs like executable file extensions and path traversal sequences into the upload and deletion processes.

References