Cyber Resilience

CVE-2024-48225

Severity: Medium · Public PoC available

Published: 25 October 2024
Modified: 31 October 2024
KEV Added: not listed
Patch: not recorded
CVSS Score v3.1: 6.5 (vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H)
EPSS Score: 0.0013 (32.3rd percentile)
Risk Priority: 13 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-48225 is a medium-severity vulnerability of unspecified weakness type in Funadmin (vendor: Funadmin). Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique File Deletion (T1070.004). The CVE ranks at the 32.3rd percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

EU & UK References

Vulnerability details

Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

T1070.004 File Deletion [Stealth]
Adversaries may delete files left behind by the actions of their intrusion activity.
Why these techniques?

An arbitrary file deletion vulnerability lets an adversary delete any file the application can reach via path traversal (e.g., /curd/index/delfile?id=../file). This facilitates indicator removal: logs, malware artifacts, or other evidence can be deleted to cover tracks.

Affected Assets

Vendor: funadmin
Product: funadmin
Version: 5.0.2

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References