CVE-2024-51505

High

Published: 18 February 2025

Published

18 February 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 8.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score 0.0007 21.2th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-51505 is a high-severity Race Condition (CWE-362) vulnerability in Eviden IDRA (inferred from references). Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 21.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Timely flaw remediation directly patches the race condition (CWE-362) in Atos Eviden IDRA before 2.7.1, preventing Config Admin privilege escalation as advised in PSIRT bulletin 1335.

AC-3 Access Enforcement good match

prevent

Enforces approved access authorizations robustly to block privilege escalations resulting from race conditions in access control mechanisms.

AC-6 Least Privilege partial match

prevent

Limits Config Admin role privileges to the minimum necessary, reducing the scope and impact of potential escalations even if a race condition is triggered.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

CVE describes a race condition enabling privilege escalation from Config Admin role, directly matching Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An issue was discovered in Atos Eviden IDRA before 2.7.1. A highly trusted role (Config Admin) could leverage a race condition to escalate privileges.

Deeper analysisAI

CVE-2024-51505 is a privilege escalation vulnerability in Atos Eviden IDRA versions prior to 2.7.1, stemming from a race condition (CWE-362). A user with the highly trusted Config Admin role can exploit this flaw to elevate their privileges beyond their assigned access level. The vulnerability carries a CVSS v3.1 base score of 8.0 (AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for comprehensive impact across confidentiality, integrity, and availability in a changed scope.

Exploitation requires network access and high privileges (PR:H), specifically the Config Admin role, along with high attack complexity (AC:H) to successfully trigger the race condition. No user interaction is needed. A successful attack allows the exploit to achieve high impacts, enabling unauthorized control over the system through escalated privileges.

Advisories from Eviden (https://eviden.com) and Bull support (https://support.bull.com/ols/product/security/psirt/security-bulletins/potential-privilege-escalation-in-idpki-psirt-1335-tlp-clear-version-2-10-cve-2024-39327-cve-2024-39328-cve-2024-51505/view), under PSIRT bulletin 1335 (TLP Clear), address this as part of related privilege escalation issues in IDPKI. Mitigation involves upgrading to IDRA version 2.7.1 or later, where the race condition is resolved.