Cyber Resilience

CVE-2024-54448

Severity: High · Impact: RCE

Published: 14 March 2025
Modified: 07 November 2025
KEV Added: not listed
CVSS Score (v4.0): 8.6
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0009 (26.4th percentile)
Risk Priority: 17 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-54448 is a high-severity Code Injection (CWE-94) vulnerability in LogicalDOC (vendor Logicaldoc, product Logicaldoc). Its CVSS v4.0 base score is 8.6 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Command and Scripting Interpreter (T1059). EPSS ranks it at the 26.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-54448 is a code injection vulnerability (CWE-94) in the Automation Scripting functionality of LogicalDOC, a document management system. It affects the web server running LogicalDOC, enabling attackers to execute arbitrary system commands on the underlying operating system. The vulnerability has a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-03-14.

Exploitation requires an authenticated account with administrator privileges or explicit access to the Automation Scripting feature. Attackers can leverage network access to trigger the vulnerability, achieving high-impact confidentiality, integrity, and availability effects by running arbitrary commands on the host operating system.

For mitigation details, refer to the advisory published by Black Duck at https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html.


Vulnerability details

The Automation Scripting functionality can be exploited by attackers to run arbitrary system commands on the underlying operating system. An account with administrator privileges or that has been explicitly granted access to use Automation Scripting is needed to carry out the attack. Exploitation of this vulnerability would allow an attacker to run commands of their choosing on the underlying operating system of the web server running LogicalDOC.

CWE(s)

CWE-94: Code Injection

Related Threats

MITRE ATT&CK Enterprise Techniques

T1059 Command and Scripting Interpreter (Execution): Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
T1210 Exploitation of Remote Services (Lateral Movement): Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

Why these techniques?

The vulnerability in Automation Scripting allows authenticated high-privilege attackers to execute arbitrary OS commands, which corresponds to Command and Scripting Interpreter (T1059) and Exploitation of Remote Services (T1210).

CVEs Like This One

CVE-2024-54449 (same product: Logicaldoc Logicaldoc)
CVE-2025-12547 (same product: Logicaldoc Logicaldoc)
CVE-2026-21537 (shared CWE-94)
CVE-2026-0498 (shared CWE-94)
CVE-2024-49747 (shared CWE-94)
CVE-2024-43770 (shared CWE-94)
CVE-2026-29202 (shared CWE-94)
CVE-2024-43771 (shared CWE-94)
CVE-2025-70364 (shared CWE-94)
CVE-2025-57439 (shared CWE-94)

Affected Assets

Vendor: logicaldoc
Product: logicaldoc
Affected versions: ≤ 9.1

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): Directly prevents code injection in Automation Scripting by validating all user inputs before processing.

AC-6 Least Privilege (prevent): Enforces least privilege to restrict access to Automation Scripting to only essential administrator accounts, blocking exploitation.

Patching (prevent): Remediates the specific code injection flaw through timely patching of LogicalDOC, eliminating the vulnerability.
