Cyber Posture

CVE-2024-54448

Severity: High · Impact: RCE

Published: 14 March 2025
Modified: 07 November 2025
KEV Added: not listed (not in the CISA KEV catalog)
CVSS Score: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0009 (26.1 percentile)
Risk Priority: 14 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-54448 is a high-severity Code Injection (CWE-94) vulnerability in the Automation Scripting feature of LogicalDOC (CPE vendor/product logicaldoc:logicaldoc). Its CVSS v3.1 base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059). Its EPSS score places it at the 26.1 percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation); applying the vendor's fix remains the definitive remediation.

Threat & Defense at a Glance

What attackers do: exploitation maps to Command and Scripting Interpreter (T1059) and Exploitation of Remote Services (T1210). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI-generated)

SI-10 Information Input Validation (prevent)
Directly prevents code injection in Automation Scripting by validating all script input before it is executed. Because the feature exists to run scripts, validation here means constraining what a script can reach (an allowlisted subset of the scripting language with no path to operating-system commands), not filtering keywords out of free-form code.

AC-6 Least Privilege (prevent)
Enforces least privilege by restricting access to Automation Scripting to only the administrator accounts that need it, and by running the LogicalDOC service under an unprivileged OS account so that a script which does reach the operating system has a limited blast radius.

Flaw remediation (prevent)
Remediates the specific code injection flaw through timely patching of LogicalDOC, eliminating the vulnerability.
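The two preventive controls above, restated as an added example (this is illustrative Python, not LogicalDOC's code; the permission name automation.execute, the SAFE_FUNCTIONS table, and the sample document are assumptions made for the illustration): an automation-script runner in the CWE-94 shape, where the script text reaches a full interpreter, beside a hardened runner that gates the feature on an explicit permission (AC-6) and evaluates only an allowlisted expression subset with no builtins and no attribute access (SI-10).

```python
"""Added example, not LogicalDOC code: the CWE-94 pattern beside a hardened
automation-script runner.  Assumes Python 3.9+; the permission name
"automation.execute" and the SAFE_FUNCTIONS table are invented for illustration."""
import ast


class ScriptRejected(Exception):
    """Raised when a script uses anything outside the allowlisted subset."""


# --- Vulnerable shape (CWE-94) -------------------------------------------
def run_script_vulnerable(script: str, context: dict):
    # eval() with default builtins hands the script author the whole
    # interpreter: __import__('os').system(...) is one expression away.
    # The feature exists to run scripts, so everyone who can reach it can
    # run anything on the host.
    return eval(script, {}, dict(context))


# --- Hardened shape ------------------------------------------------------
# Only the expression nodes a document-automation rule plausibly needs.
# No Attribute (blocks the usual __class__/__subclasses__ escapes), no
# Lambda, no comprehensions, no assignments, no imports.
ALLOWED_NODES = (
    ast.Expression, ast.Constant, ast.Name, ast.Load, ast.Subscript,
    ast.BinOp, ast.UnaryOp, ast.BoolOp, ast.Compare, ast.IfExp, ast.Call,
    ast.Add, ast.Sub, ast.Mult, ast.Div, ast.Mod, ast.USub, ast.Not,
    ast.And, ast.Or, ast.Eq, ast.NotEq, ast.Lt, ast.LtE, ast.Gt, ast.GtE,
    ast.In, ast.NotIn,
)

# The only callables a script may invoke (hypothetical engine API).
SAFE_FUNCTIONS = {"len": len, "str": str, "int": int,
                  "upper": str.upper, "lower": str.lower}


def validate_script(script: str) -> ast.Expression:
    """SI-10: parse the script and reject anything outside the allowlist."""
    try:
        tree = ast.parse(script, mode="eval")
    except SyntaxError as exc:
        raise ScriptRejected(f"syntax error: {exc.msg}") from None
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            raise ScriptRejected(f"disallowed construct: {type(node).__name__}")
        if isinstance(node, ast.Name) and node.id.startswith("_"):
            raise ScriptRejected(f"disallowed name: {node.id}")
        if isinstance(node, ast.Call):
            func = node.func
            if not isinstance(func, ast.Name) or func.id not in SAFE_FUNCTIONS:
                raise ScriptRejected("only allowlisted functions may be called")
            if node.keywords:
                raise ScriptRejected("keyword arguments are not allowed")
    return tree


def run_script_hardened(user: dict, script: str, context: dict):
    """AC-6 gate first, then evaluate with no builtins and an explicit scope."""
    if "automation.execute" not in user.get("permissions", ()):
        raise PermissionError(f"{user['name']} may not run automation scripts")
    tree = validate_script(script)
    scope = {**SAFE_FUNCTIONS, **context}   # everything the script may name
    try:
        return eval(compile(tree, "<automation>", "eval"),
                    {"__builtins__": {}}, scope)
    except NameError as exc:                # unknown name: not in scope
        raise ScriptRejected(str(exc)) from None


def rejection_reason(user: dict, script: str, context: dict) -> str:
    """Empty string if the hardened runner executes the script, else the
    name of the exception that stopped it (helper for checks)."""
    try:
        run_script_hardened(user, script, context)
    except (ScriptRejected, PermissionError) as exc:
        return type(exc).__name__
    return ""


if __name__ == "__main__":
    # Constructed sample data, not real LogicalDOC objects.
    admin = {"name": "alice", "permissions": {"automation.execute"}}
    ctx = {"doc": {"title": "quarterly report", "tags": ["finance", "q3"]}}
    rule = "upper(doc['title']) + ' (' + str(len(doc['tags'])) + ' tags)'"
    print(run_script_hardened(admin, rule, ctx))
    print(rejection_reason(admin, "__import__('os').getpid()", ctx))
```

The allowlist is deliberately small: a rule language for documents needs lookups, arithmetic and comparisons, not arbitrary method calls. Note that this bounds what a script can reach, not how much CPU or memory it consumes; resource limits are a separate control.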

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1059 Command and Scripting Interpreter (Execution)
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

Why these techniques?

The vulnerability in Automation Scripting lets an authenticated high-privilege attacker execute arbitrary OS commands on the LogicalDOC host, which is Command and Scripting Interpreter (T1059). An attacker who already holds a foothold elsewhere on the network can use the same flaw to take over the LogicalDOC server as a lateral-movement step, which is Exploitation of Remote Services (T1210).

NVD Description

The Automation Scripting functionality can be exploited by attackers to run arbitrary system commands on the underlying operating system. An account with administrator privileges or that has been explicitly granted access to use Automation Scripting is needed to carry out the attack. Exploitation of this vulnerability would allow an attacker to run commands of their choosing on the underlying operating system of the web server running LogicalDOC.

Deeper analysis (AI-generated)

CVE-2024-54448 is a code injection vulnerability (CWE-94) in the Automation Scripting functionality of LogicalDOC, a document management system. It lets an attacker execute arbitrary system commands on the operating system of the web server that hosts LogicalDOC. The vulnerability has a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-03-14.

Exploitation requires an authenticated account with administrator privileges or explicit access to the Automation Scripting feature (the PR:H in the vector). With such an account, a network-reachable attacker can trigger the flaw with no user interaction and obtain full confidentiality, integrity, and availability impact on the host by running arbitrary commands. The practical questions for defenders are therefore who holds that access and what the web-server process itself can reach on the host.

For mitigation details, refer to the advisory published by Black Duck at https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html.

Details

CWE(s)
CWE-94 Code Injection

Affected Products
logicaldoc:logicaldoc, versions ≤ 9.1

CVEs Like This One

CVE-2025-12547 (same product: LogicalDOC)
CVE-2024-54449 (same product: LogicalDOC)
CVE-2026-21537 (shared CWE-94)
CVE-2025-70364 (shared CWE-94)
CVE-2024-49747 (shared CWE-94)
CVE-2026-0498 (shared CWE-94)
CVE-2025-22906 (shared CWE-94)
CVE-2025-71281 (shared CWE-94)
CVE-2025-48984 (shared CWE-94)
CVE-2024-9132 (shared CWE-94)

References

Black Duck CyRC advisory on LogicalDOC: https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html