
CVE-2024-50623

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked

Published: 28 October 2024
Modified: 05 November 2025
KEV Added: 13 December 2024
Patch: 5.8.0.21 or later (per the vendor advisory cited below)
CVSS v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.9401 (99.9th percentile)
Risk Priority: 96 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-50623 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Cleo Harmony, VLTrader and LexiCom. Its CVSS v3.1 base score is 9.8 (Critical).

Operationally, it ranks in the top 0.1% of all CVEs by EPSS exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog.

The strongest mitigations our analysis identified are NIST SP 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

Cleo Harmony, VLTrader and LexiCom versions prior to 5.8.0.21 contain an unrestricted file upload and download flaw tracked as CVE-2024-50623. The issue stems from missing validation of file types and paths during transfer operations, allowing arbitrary files to be written to or read from the affected system; a file written to a location the product or the operating system will execute yields remote code execution.

An unauthenticated attacker with network access to the product's transfer interface can upload a malicious executable or script and then trigger its execution through the application or the underlying operating system, achieving full control of the target host. The CVSS 3.1 score of 9.8 reflects that no credentials or user interaction are required and that confidentiality, integrity and availability are all fully impacted.

Cleo's security advisory recommends an immediate upgrade to version 5.8.0.21 or later for all three products. Note that Cleo subsequently determined the 5.8.0.21 fix was incomplete and released 5.8.0.24, tracking the follow-up as CVE-2024-55956; confirm the deployed build against the current vendor advisory rather than against the version named here alone. CISA has added the CVE to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild.

The associated EPSS score peaked at 0.9694 and currently stands at 0.9401, indicating sustained and widespread exploitation interest since disclosure.


Vulnerability details

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.

CWE(s): CWE-434 (Unrestricted Upload of File with Dangerous Type)
KEV Date Added: 13 December 2024

Related Threats

Threat-Actor Attribution (AI-generated)

Cl0p (aka Clop)
CISA KEV lists CVE-2024-50623 under known ransomware exploitation; public reporting attributes mass exploitation of the Cleo zero-day to the Cl0p group.

Affected Assets

Vendor  Product   Affected versions
cleo    harmony   < 5.8.0.21
cleo    lexicom   < 5.8.0.21
cleo    vltrader  < 5.8.0.21

The affected range is strictly below 5.8.0.21, matching the "before 5.8.0.21" wording of the vulnerability details; 5.8.0.21 itself is the first build the advisory names as fixed.
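The following is an added example (not from the advisory, CISA, or Cleo) showing how to triage an asset inventory against the affected range above. Dotted build numbers must be compared numerically: as plain strings, "5.8.0.9" sorts after "5.8.0.21" and a naive check would wrongly report an old build as patched. The inventory rows, host names and product spellings are constructed for illustration, and the fixed build is a constant that should track the vendor's current advisory.

```python
import re
from typing import List, Optional, Tuple

# Added example, not from the advisory or from Cleo. The fixed build is the
# one named on this page; in production it should track the vendor advisory.
AFFECTED_PRODUCTS = {"harmony", "vltrader", "lexicom"}
FIXED_BUILD = "5.8.0.21"
_VERSION = re.compile(r"^\d+(\.\d+)*$")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """'5.8.0.21' -> (5, 8, 0, 21); None for anything that is not dotted integers."""
    text = text.strip()
    if not _VERSION.fullmatch(text):
        return None
    return tuple(int(part) for part in text.split("."))


def normalise_product(name: str) -> str:
    """Map inventory spellings such as 'Cleo VLTrader' to the product key (assumed spellings)."""
    lowered = name.lower()
    for product in AFFECTED_PRODUCTS:
        if product in lowered:
            return product
    return lowered.strip()


def is_affected(product: str, version: str, fixed: str = FIXED_BUILD) -> Optional[bool]:
    """True if below the fixed build, False if at or above it or not a Cleo MFT
    product, None if the version string cannot be parsed (treat as affected
    until verified by hand)."""
    if normalise_product(product) not in AFFECTED_PRODUCTS:
        return False
    parsed = parse_version(version)
    if parsed is None:
        return None
    # Tuple comparison is component-wise and numeric, so (5, 8, 0, 9) < (5, 8, 0, 21)
    # and a shorter tuple such as (5, 8, 0) also sorts below the fixed build.
    return parsed < parse_version(fixed)


# Constructed inventory rows: (host, product as recorded, version string).
INVENTORY: List[Tuple[str, str, str]] = [
    ("mft-01.example.net", "Cleo Harmony", "5.8.0.9"),
    ("mft-02.example.net", "Cleo VLTrader", "5.8.0.21"),
    ("mft-03.example.net", "Cleo LexiCom", "5.7.0.0"),
    ("mft-04.example.net", "Cleo Harmony", "unknown"),
    ("edi-gw.example.net", "Other MFT", "1.2.3"),
]


def triage(inventory: List[Tuple[str, str, str]]) -> Tuple[List[str], List[str]]:
    """Return (hosts confirmed affected, hosts whose version could not be parsed)."""
    affected: List[str] = []
    unverified: List[str] = []
    for host, product, version in inventory:
        verdict = is_affected(product, version)
        if verdict is True:
            affected.append(host)
        elif verdict is None:
            unverified.append(host)
    return affected, unverified


if __name__ == "__main__":
    hit, unknown = triage(INVENTORY)
    print("affected:  ", hit)
    print("unverified:", unknown)
    # Demonstrates the pitfall: as strings, 5.8.0.9 compares greater than 5.8.0.21.
    print("naive string compare says 5.8.0.9 is newer:", "5.8.0.9" > FIXED_BUILD)
```

Hosts that report an unparseable version are listed separately rather than dropped, since an inventory gap on an internet-facing MFT host is itself a finding during an active-exploitation event.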

Mitigating Controls (NIST SP 800-53 r5, AI-mapped)

AC-3 Access Enforcement (prevent)
Directly blocks the unauthenticated file upload/download operations that enable arbitrary file placement and RCE.

SI-10 Information Input Validation (prevent)
Requires validation of all input files, including their names, paths and types, to reject malicious payloads before they can be stored or executed.

SI-3 Malicious Code Protection (prevent, detect)
Deploys malicious-code scanning on uploaded content to stop or alert on weaponized files used for RCE.
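To make the SI-10 and AC-3 mappings concrete, here is an added example (not Cleo code and not from the advisory) of the checks a file-transfer endpoint should apply to a client-supplied name before touching disk: restrict the name to a single safe path component, reject any executable or script extension wherever it appears in the name, require the final extension to be on an allowlist, and confirm the resolved target stays inside the caller's own mailbox so one authenticated partner cannot write into another's directory or into a location the product or OS would execute. The mailbox root, extension sets and sample names are constructed assumptions.

```python
import os
import re
from typing import List, Optional, Tuple

# Added example, not Cleo code: name and path vetting for an MFT-style upload
# handler. Extension sets and the mailbox root are illustrative assumptions.

# The final extension must be on this allowlist (assumed business formats).
ALLOWED_EXTENSIONS = {".csv", ".edi", ".xml", ".txt", ".pdf", ".zip"}
# Server-executable or scriptable types are rejected wherever they appear in the
# name, so "report.csv.jsp" and "report.jsp.csv" both fail.
EXECUTABLE_EXTENSIONS = {".jsp", ".jspx", ".war", ".jar", ".class", ".sh",
                         ".bat", ".cmd", ".ps1", ".exe", ".dll", ".php", ".py"}
# Exactly one path component: printable ASCII, no leading dot, bounded length.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


def vet_filename(client_name: str) -> Tuple[bool, str]:
    """Return (accepted, reason) for a client-supplied file name."""
    if not client_name or "\x00" in client_name:
        return False, "empty name or embedded NUL"
    if "/" in client_name or "\\" in client_name:
        return False, "path separator in name"
    if not SAFE_NAME.fullmatch(client_name):
        return False, "name outside safe character set or length"
    parts = client_name.lower().split(".")
    suffixes = {"." + p for p in parts[1:]}      # every dotted suffix, not just the last
    if suffixes & EXECUTABLE_EXTENSIONS:
        return False, "executable or script extension present"
    if not suffixes or "." + parts[-1] not in ALLOWED_EXTENSIONS:
        return False, "final extension not on allowlist"
    return True, "ok"


def resolve_target(mailbox_root: str, client_name: str) -> Optional[str]:
    """Join a vetted name under the caller's mailbox and confirm the result is
    strictly inside it. realpath follows symlinks where the tree exists, so a
    planted link out of the mailbox is caught as well as '..' traversal."""
    root = os.path.realpath(mailbox_root)
    target = os.path.realpath(os.path.join(root, client_name))
    if target == root or os.path.commonpath([root, target]) != root:
        return None
    return target


# Constructed client-supplied names covering the cases above.
SAMPLE_NAMES = [
    "invoice-2024-10.csv",
    "shell.jsp",
    "invoice.csv.jsp",
    "report.jsp.csv",
    "../../../tmp/cmd.sh",
    "..\\..\\bin\\cmd.sh",
    ".hidden.csv",
]


def triage(mailbox_root: str, names: List[str]) -> List[Tuple[str, bool, str]]:
    """Apply both checks to each name; a name is accepted only if both pass."""
    results = []
    for name in names:
        ok, reason = vet_filename(name)
        path = resolve_target(mailbox_root, name) if ok else None
        results.append((name, ok and path is not None, reason))
    return results


if __name__ == "__main__":
    for name, accepted, reason in triage("/srv/mft/mailboxes/partner-a", SAMPLE_NAMES):
        print(f"{'ACCEPT' if accepted else 'REJECT'} {name!r}: {reason}")
```

The name check runs before any filesystem call so that a rejected name never reaches realpath or the disk; the containment check is the AC-3 boundary, with the mailbox root taken from the authenticated session rather than from anything the client sends.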
