CVE-2024-53586
Published: 06 February 2025
Summary
CVE-2024-53586 is a medium-severity Path Traversal (CWE-22) vulnerability. Its CVSS base score is 5.3 (Medium).
By exploit likelihood (EPSS percentile) it ranks in the top 9.6% of all CVEs; it is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
Deeper analysis
CVE-2024-53586 is a path traversal vulnerability in WebFileSys version 2.31.0 located in the relPath parameter. The flaw, classified as CWE-22, lets a caller manipulate the file path built from that parameter with crafted input (for example ../ sequences), so that the resolved path points to resources outside the directory the application intends to expose. The CVSS 3.1 base score of 5.3 reflects a network attack vector, low attack complexity, no privileges and no user interaction required, and impact limited to partial confidentiality loss; these components correspond to the vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.
An unauthenticated remote attacker can send an HTTP request whose relPath parameter contains directory traversal sequences and read arbitrary files on the server. Successful exploitation discloses sensitive data stored outside the web-accessible root, bounded by what the account running the web application can read; integrity and availability are not affected.
The EPSS score for this CVE peaked at 0.082 after disclosure, an estimated 8.2% probability of exploitation activity within 30 days, up from a low initial baseline.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-52001
Vulnerability details
An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files, potentially exposing data outside the intended directory.
- CWE(s): CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, 'Path Traversal')
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
WebFileSys 2.31.0 (relPath parameter)
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness type (CWE-22) cited in the NVD entry.
- Input validation: canonicalize user-supplied pathnames and filenames and reject any request whose resolved path lies outside the intended base directory.
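The following is an added example, not WebFileSys code, illustrating both the exploitation path described under "Deeper analysis" and the pathname-validation control listed above. It builds a throwaway directory tree (constructed for the demo: a web root holding readme.txt and a secret.txt one level above it), then serves a user-supplied relPath first with a naive join, which lets ../secret.txt escape the root, and then with a hardened resolver that canonicalizes the path and refuses anything outside the root. The parameter name relPath is taken from the advisory; the function names, file names and file contents are assumptions for this example.

```python
"""Path-traversal (CWE-22) demo: naive join versus canonicalize-and-check.

Added example, not part of WebFileSys. The directory tree, file names and
contents are constructed here purely for the demonstration.
"""
import os
import tempfile
from urllib.parse import unquote


def setup_demo_tree() -> str:
    """Create a constructed tree and return the web root (docroot).

    <tmp>/docroot/readme.txt   -> public, should be served
    <tmp>/secret.txt           -> outside docroot, must never be served
    """
    root = tempfile.mkdtemp(prefix="wfs_demo_")
    docroot = os.path.join(root, "docroot")
    os.makedirs(docroot)
    with open(os.path.join(docroot, "readme.txt"), "w") as f:
        f.write("public content\n")
    with open(os.path.join(root, "secret.txt"), "w") as f:
        f.write("outside the web root\n")
    return docroot


def serve_vulnerable(docroot: str, rel_path: str) -> str:
    """Vulnerable handler: joins the decoded relPath straight onto docroot.

    '../' components are kept, so the path can walk out of docroot. The
    unquote() call stands in for the URL decoding a web framework performs
    before the handler sees the parameter.
    """
    target = os.path.join(docroot, unquote(rel_path))
    with open(target) as f:
        return f.read()


def resolve_under_root(docroot: str, rel_path: str) -> str:
    """Hardened resolver: return the canonical path of rel_path inside docroot
    or raise PermissionError.

    Checks, in order: NUL bytes (truncation tricks), absolute paths (which
    os.path.join would otherwise let replace docroot), and finally that the
    fully resolved path (symlinks and '..' collapsed) still lies under the
    resolved docroot. commonpath() rather than startswith() avoids the
    '/docroot' vs '/docroot-other' prefix trap.
    """
    decoded = unquote(rel_path)
    if "\x00" in decoded:
        raise PermissionError("NUL byte in path")
    if os.path.isabs(decoded):
        raise PermissionError("absolute path not allowed")
    base = os.path.realpath(docroot)
    target = os.path.realpath(os.path.join(base, decoded))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"path escapes web root: {rel_path!r}")
    return target


def serve_hardened(docroot: str, rel_path: str) -> str:
    """Hardened handler: only reads files that resolve inside docroot."""
    with open(resolve_under_root(docroot, rel_path)) as f:
        return f.read()


if __name__ == "__main__":
    docroot = setup_demo_tree()
    print("vulnerable, ../secret.txt:", serve_vulnerable(docroot, "../secret.txt").strip())
    for payload in ["readme.txt", "../secret.txt", "%2e%2e/secret.txt", "/etc/passwd"]:
        try:
            print("hardened,", payload, "->", serve_hardened(docroot, payload).strip())
        except PermissionError as exc:
            print("hardened,", payload, "-> rejected:", exc)
```

The hardened version still accepts harmless normalisations such as sub/../readme.txt, because the check is on where the path resolves, not on the presence of the literal string "..". If a deployment also needs to reject symlinked files under the root, compare the resolved target against os.path.realpath of the intended file as well.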