Cyber Resilience

CVE-2024-52726

High

Published: 22 November 2024

Modified: 07 July 2025
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.3212 (96.9th percentile)
Risk Priority: 34 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-52726 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in CRMEB. Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 3.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CRMEB version 5.4.0 contains an arbitrary file read vulnerability in the save_basics function, tracked as CVE-2024-52726 and assigned CWE-125. The flaw carries a CVSS 3.1 score of 7.5 and is exploitable over the network without authentication or user interaction, resulting in high confidentiality impact while leaving integrity and availability unaffected.

An unauthenticated remote attacker can supply crafted input to the affected function and retrieve arbitrary files from the server filesystem, thereby obtaining sensitive information such as configuration data or credentials stored on the system.

Public references consist of a technical gist and proof-of-concept repository that demonstrate the file-read vector; no vendor advisory, patch details, or mitigation guidance appear in the supplied sources. The associated EPSS score stands at 0.3212 with an identical recorded peak, indicating moderate but stable exploitation interest since disclosure.

Vulnerability details

CRMEB v5.4.0 is vulnerable to arbitrary file read in the save_basics function, which allows an attacker to obtain sensitive information.

CWE(s)

CWE-125 (Out-of-bounds Read)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: crmeb
Product: crmeb
Version: 5.4.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
