Cyber Resilience

CVE-2024-51736

Low

Published: 06 November 2024

Published
06 November 2024
Modified
04 September 2025
KEV Added
Patch
CVSS Score v3.1 0.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
EPSS Score 0.0078 74.2th percentile
Risk Priority 0 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-51736 is a uncategorised-severity Command Injection (CWE-77) vulnerability in Sensiolabs Symfony. Its CVSS base score is 0.0.

Operationally, ranked in the top 25.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory it will be called by the `Process` class when preparing…

more

command arguments, leading to possible hijacking. This issue has been addressed in release versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

sensiolabs
symfony
≤ 5.4.46 · 6.0.0 — 6.4.14 · 7.0.0 — 7.1.7

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References