CVE-2024-49587
Published: 19 December 2025
Summary
CVE-2024-49587 is a critical-severity Authentication Bypass by Primary Weakness (CWE-305) vulnerability in Safebase (inferred from references). Its CVSS base score is 9.1 (Critical).
Operationally, it ranks in the 20.3rd percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-55358
Vulnerability details
Glutton V1 service endpoints were exposed without any authentication on Gotham stacks. This could have allowed users who did not have any permission to hit the Glutton backend directly and read/update/delete data. The affected service has been patched and automatically deployed to all Apollo-managed Gotham Instances.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.