CVE-2024-52726
Published: 22 November 2024
Summary
CVE-2024-52726 is a high-severity vulnerability in CRMEB (vendor and product are both recorded as "Crmeb" in the CVE record), catalogued as CWE-125 (Out-of-bounds Read). Its CVSS base score is 7.5 (High).
Operationally, its EPSS percentile places it in the top 3.1% of CVEs by exploit likelihood; it is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
Deeper analysis
CRMEB version 5.4.0 contains an arbitrary file read vulnerability in the save_basics function, tracked as CVE-2024-52726 and assigned CWE-125. The flaw carries a CVSS 3.1 score of 7.5: it is exploitable over the network with low attack complexity, without authentication or user interaction, and results in high confidentiality impact while leaving integrity and availability unaffected (the vector that yields that score is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Note that the CWE-125 assignment does not match the described behaviour: Out-of-bounds Read is a memory-safety category, whereas an arbitrary file read in a web application is normally classified as path traversal (CWE-22) or information exposure (CWE-200), so do not rely on the CWE alone when filtering or triaging this entry.
An unauthenticated remote attacker can supply crafted input to the affected function and retrieve arbitrary files readable by the web server process, thereby obtaining sensitive information such as configuration data or credentials stored on the system.
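The paragraphs above describe the vulnerability class rather than the specific code, and the supplied sources contain no vendor patch, so the following is an added illustration of how a server-side file read goes wrong and how to confine it. It is not CRMEB code and does not reproduce the real save_basics function; the function names, the parameter name, the constructed directory layout and the sample "secret" file are all assumptions made for the example.

```python
"""Arbitrary file read: the unsafe pattern beside a confined replacement.

Added example, not CRMEB's own code. The layout built by build_fixture()
is constructed for the demonstration: an "uploads" directory the app is
meant to serve from, and a sibling database.php standing in for a
configuration file holding credentials.
"""
import os
import tempfile


def unsafe_read(base_dir, user_path):
    """Naive pattern: user input is joined onto a base directory and read.

    os.path.join discards base_dir entirely when user_path is absolute, and
    '..' segments walk out of base_dir, so any file readable by the process
    can be returned. This is the behaviour an arbitrary file read exploits.
    """
    with open(os.path.join(base_dir, user_path), "rb") as fh:
        return fh.read()


def confined_read(base_dir, user_path):
    """Resolve the final path and require it to stay inside base_dir.

    Absolute paths and NUL bytes are rejected up front; realpath canonicalises
    '..' segments and follows symlinks, so a link planted inside base_dir that
    points outside it is caught as well. commonpath (rather than a string
    prefix test) avoids the bug where /srv/app-private would pass a naive
    startswith("/srv/app") check.
    """
    if os.path.isabs(user_path) or "\x00" in user_path:
        raise PermissionError("absolute path or NUL byte rejected")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"path escapes {base}: {user_path!r}")
    with open(target, "rb") as fh:
        return fh.read()


def build_fixture():
    """Constructed test layout (assumption): uploads/ plus a secret outside it."""
    root = tempfile.mkdtemp()
    uploads = os.path.join(root, "uploads")
    os.mkdir(uploads)
    with open(os.path.join(uploads, "logo.png"), "wb") as fh:
        fh.write(b"PNGDATA")
    with open(os.path.join(root, "database.php"), "wb") as fh:
        fh.write(b"<?php return ['password' => 'hunter2'];")
    # A symlink inside the served directory that points at the secret.
    os.symlink(os.path.join(root, "database.php"), os.path.join(uploads, "link.php"))
    return root, uploads


def _attempt(func, base, path):
    """Return the bytes read, or 'blocked' if the confined reader refused."""
    try:
        return func(base, path)
    except PermissionError:
        return "blocked"


def demo():
    """Run both readers against legitimate and hostile inputs; return results."""
    root, uploads = build_fixture()
    secret_abs = os.path.join(root, "database.php")
    return {
        "unsafe_legit": _attempt(unsafe_read, uploads, "logo.png"),
        "unsafe_traversal": _attempt(unsafe_read, uploads, "../database.php"),
        "unsafe_symlink": _attempt(unsafe_read, uploads, "link.php"),
        "confined_legit": _attempt(confined_read, uploads, "logo.png"),
        "confined_traversal": _attempt(confined_read, uploads, "../database.php"),
        "confined_absolute": _attempt(confined_read, uploads, secret_abs),
        "confined_symlink": _attempt(confined_read, uploads, "link.php"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:20} {value!r}")
```

The unsafe reader hands back the secret via a `..` segment and via the planted symlink; the confined reader serves the legitimate file and refuses the traversal, the absolute path and the symlink because realpath resolves all three to a location outside the canonical base. Canonicalise first, then compare, and never compare with a bare string prefix.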
Public references consist of a technical gist and a proof-of-concept repository that demonstrate the file-read vector; no vendor advisory, patch details, or mitigation guidance appear in the supplied sources. The EPSS score is 0.3212 (roughly a 32% estimated probability of exploitation activity in the next 30 days), equal to its recorded peak, indicating moderate but stable exploitation interest since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-46065
Vulnerability details
CRMEB v5.4.0 is vulnerable to Arbitrary file read in the save_basics function which allows an attacker to obtain sensitive information
- CWE(s): CWE-125 (Out-of-bounds Read), as assigned in the CVE record
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- CRMEB v5.4.0, the only version named in the CVE record; the supplied sources do not confirm whether other versions are affected.
Mitigating Controls
No CVE-specific controls have been mapped yet, and the supplied sources carry no vendor patch or mitigation guidance. Until vendor guidance is available, the general controls for an unauthenticated server-side file read apply: limit network exposure of the affected application surface, run the web server as a low-privilege account whose read access is confined to what the application needs, keep configuration files and credentials outside paths that account can read where the deployment allows it, and monitor access logs for traversal patterns aimed at the affected function.