
CVE-2024-54449

Severity: High
Published: 14 March 2025
Modified: 07 November 2025
CISA KEV: not listed
CVSS v4.0 base score: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
EPSS score: 0.0024 (47.3rd percentile)
Risk priority: 18 (weighting 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-54449 is a high-severity Relative Path Traversal (CWE-23) vulnerability in LogicalDOC (CPE vendor and product: logicaldoc/logicaldoc). Its CVSS v4.0 base score is 8.7 (High); the vendor advisory's CVSS v3.1 score is 8.8.

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its EPSS score places it at the 47.3rd percentile of predicted exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-54449 is a high-severity vulnerability (CVSS v3.1 8.8, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) in LogicalDOC, a document management application. The flaw is a relative path traversal (CWE-23) in two endpoints of the API used to interact with documents: an authenticated attacker can write a file with attacker-controlled contents to an arbitrary location on the file system of the web server hosting LogicalDOC, which is a direct route to remote code execution (RCE).

Exploitation requires an authenticated account with read and write privileges on at least one existing document in the application; no administrative role is needed. With that access, the attacker writes malicious files to locations of their choosing and thereby gains the ability to execute arbitrary commands on the operating system of the LogicalDOC web server. Which locations can be written is bounded by the OS permissions of the LogicalDOC process, so running the service under a low-privilege account narrows the impact but does not remove the flaw.

For details on mitigation, including any patches or advisories, refer to the CYRC advisory published by Black Duck at https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html.


Vulnerability details

The API used to interact with documents in the application contains two endpoints with a flaw that allows an authenticated attacker to write a file with controlled contents to an arbitrary location on the underlying file system. This can be used to facilitate RCE. An account with ‘read’ and ‘write’ privileges on at least one existing document in the application is required to exploit the vulnerability. Exploitation of this vulnerability would allow an attacker to run commands of their choosing on the underlying operating system of the web server running LogicalDOC.

CWE(s)

CWE-23 Relative Path Traversal

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1190 Exploit Public-Facing Application (tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell (tactic: Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

An authenticated arbitrary file write in a web application API enables exploitation of the public-facing application (T1190), escalation from a document-level account to code execution on the host (T1068), and web shell deployment for persistence and continued execution (T1505.003).
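The three techniques above leave a recognisable trail in web server access logs. The following is an added example, not part of this page's source or of LogicalDOC: it scans constructed combined-format access log lines for traversal sequences, including double URL-encoded ones, in requests to a document API (T1190), flags write requests whose traversal target ends in a servlet-executable extension (staging a web shell, T1505.003), and correlates a later request from the same client for that dropped file. The /api/documents/... paths, the client addresses and the .jsp/.jspx/.war extension list (which assumes a Java servlet container) are assumptions made for the example, not LogicalDOC's real endpoints.

```python
"""Access-log detection for traversal-based file writes and web shell follow-up.

Added example; the log lines, the /api/documents/... paths and the
servlet-extension list are constructed assumptions, not LogicalDOC specifics.
"""
import re
from urllib.parse import unquote, urlsplit

# Apache/nginx combined-format request line (constructed sample below follows it).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) (?P<size>\d+|-)'
)
# A '..' segment delimited by a separator or a parameter boundary, never inside a name.
TRAVERSAL_RE = re.compile(r"(?:^|[/=&?])\.\.(?:[/?&]|$)")
WRITE_METHODS = {"POST", "PUT", "PATCH"}
SHELL_EXTS = (".jsp", ".jspx", ".war")  # assumption: Java servlet container executes these

# Constructed sample: benign write, traversal write of a .jsp, use of the shell,
# double-encoded read attempt, and a legitimate file name that merely contains '..'.
SAMPLE_LOG = """\
10.0.0.5 - alice [14/Mar/2025:10:01:02 +0000] "PUT /api/documents/42/content?fileName=report.pdf HTTP/1.1" 200 512
10.0.0.9 - bob [14/Mar/2025:10:02:17 +0000] "PUT /api/documents/42/content?fileName=..%2F..%2F..%2Fwebapps%2FROOT%2Fcmd.jsp HTTP/1.1" 200 77
10.0.0.9 - bob [14/Mar/2025:10:02:19 +0000] "GET /cmd.jsp?c=id HTTP/1.1" 200 133
10.0.0.7 - carol [14/Mar/2025:10:04:40 +0000] "GET /api/documents/42/content?fileName=%252e%252e%252fetc%252fpasswd HTTP/1.1" 400 12
10.0.0.5 - alice [14/Mar/2025:10:05:00 +0000] "GET /api/documents/42/content?fileName=q1..report.pdf HTTP/1.1" 200 600
"""


def normalise(target, rounds=3):
    """Percent-decode until stable (double encoding is a common filter bypass),
    fold backslashes to slashes and drop NULs so every '..' form reaches the regex."""
    s = target
    for _ in range(rounds):
        d = unquote(s)
        if d == s:
            break
        s = d
    return s.replace("\\", "/").replace("\x00", "")


def analyse(log_text):
    """Return findings as (severity, client_ip, rule, evidence), in log order."""
    findings = []
    dropped = {}  # client_ip -> basenames it wrote via traversal, for follow-up correlation
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, target = m["ip"], m["method"], m["target"]
        norm = normalise(target)
        parts = urlsplit(norm)
        if TRAVERSAL_RE.search(norm):
            # A traversal in a write is worse than in a read: it is the arbitrary-file-write primitive.
            severity = "high" if method in WRITE_METHODS else "medium"
            findings.append((severity, ip, "path-traversal", target))
            if method in WRITE_METHODS:
                last = norm.rsplit("/", 1)[-1].lower()
                if last.endswith(SHELL_EXTS):
                    findings.append(("critical", ip, "web-shell-write", last))
                    dropped.setdefault(ip, set()).add(last)
        base = parts.path.rsplit("/", 1)[-1].lower()
        if method == "GET" and base in dropped.get(ip, set()):
            findings.append(("critical", ip, "web-shell-use", parts.path))
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(*finding)
```

The correlation step is deliberately per-client and in-memory; in a SIEM the same join would key on source address or session and a short time window. Status codes are ignored on purpose: a 400 on a traversal attempt is still reconnaissance worth seeing.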

CVEs Like This One

CVE-2024-54448 · Same product: LogicalDOC
CVE-2025-12547 · Same product: LogicalDOC
CVE-2025-54317 · Shared CWE-23
CVE-2025-23410 · Shared CWE-23
CVE-2026-30345 · Shared CWE-23
CVE-2026-32725 · Shared CWE-23
CVE-2026-26362 · Shared CWE-23
CVE-2025-26349 · Shared CWE-23
CVE-2026-33494 · Shared CWE-23
CVE-2026-8361 · Shared CWE-23

Affected Assets

Vendor: logicaldoc
Product: logicaldoc
Versions: ≤ 9.1

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)

Directly mitigates relative path traversal (CWE-23) by validating API inputs for completeness, correctness, and absence of traversal sequences such as '../' before processing file write operations. Rejecting the literal '../' alone is not sufficient: the check must run on the decoded, canonicalised path, or the input must be restricted to a single plain path component.

AC-3 Access Enforcement (prevent)

Enforces approved authorizations so that an authenticated user's file write operations can reach only permitted document locations, preventing arbitrary file placement on the file system.

SI-2 Flaw Remediation (prevent)

Addresses the specific flaw in the LogicalDOC API endpoints through timely flaw remediation, that is, applying the vendor's fix to eliminate the path traversal vulnerability.
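Both the "Deeper analysis" description and the SI-10 / AC-3 controls above come down to one decision in the write endpoint: where a caller-supplied file name lands on disk. The Python below is an added example, not LogicalDOC's code or the advisory's. It contrasts a naive join (the CWE-23 pattern) with a hardened resolver that checks write permission on the document (AC-3), accepts only a single plain path component after one round of percent-decoding (SI-10), and confirms the canonicalised path stays under the document folder. The <root>/docs/<id>/ layout, the writable-document set and the attacker inputs are constructed for the example.

```python
"""The CWE-23 pattern behind CVE-2024-54449 and a hardened resolver for it.

Added illustration, not LogicalDOC's code. The on-disk layout <root>/docs/<id>/,
the per-document write permission set and the sample file names are constructed;
the function shape stands in for the document API endpoints the advisory describes.
"""
import os
import re
import tempfile
from urllib.parse import unquote

# Allow-list for the final path component: letters, digits, dot, underscore, space, hyphen.
SAFE_NAME = re.compile(r"[A-Za-z0-9._ -]{1,255}")


def make_store():
    """Constructed document root with one existing document folder (id 42)."""
    root = tempfile.mkdtemp(prefix="docstore_")
    os.makedirs(os.path.join(root, "docs", "42"))
    return root


def target_path_vulnerable(root, doc_id, filename):
    """Naive resolution: the caller-controlled name is joined straight onto the
    document folder. '../' segments walk out of the store and an absolute name
    replaces the prefix entirely, so an account that may write one document can
    place a file anywhere the server process can write."""
    return os.path.join(root, "docs", str(doc_id), filename)


def target_path_hardened(root, doc_id, filename, writable_docs):
    """Hardened resolution.

    AC-3:  the caller must hold write permission on this document id.
    SI-10: decode once (frameworks usually do this before the handler), reject
           control characters, and accept only one plain file name with no
           separators and no '.' or '..', so no traversal sequence survives.
    Then canonicalise and confirm the result still sits under the document
    folder, so a later loosening of the allow-list cannot silently reopen the hole.
    """
    if doc_id not in writable_docs:
        raise PermissionError(f"no write permission on document {doc_id}")
    name = unquote(filename)  # single decode: '%252e' becomes '%2e' and fails below
    if any(ord(c) < 0x20 for c in name):
        raise ValueError("control character in file name")
    if not SAFE_NAME.fullmatch(name) or name in (".", ".."):
        raise ValueError("file name must be one plain path component")
    doc_dir = os.path.realpath(os.path.join(root, "docs", str(doc_id)))
    target = os.path.realpath(os.path.join(doc_dir, name))
    if os.path.commonpath([doc_dir, target]) != doc_dir:
        raise ValueError("resolved path escapes the document folder")
    return target


def store_document(root, doc_id, filename, data, writable_docs):
    """Write-endpoint body built on the hardened resolver."""
    target = target_path_hardened(root, doc_id, filename, writable_docs)
    with open(target, "wb") as f:
        f.write(data)
    return target


def escapes_store(root, path):
    """True when the canonical form of `path` lies outside <root>/docs."""
    docs = os.path.realpath(os.path.join(root, "docs"))
    return os.path.commonpath([docs, os.path.realpath(path)]) != docs


def demo():
    """Run both resolvers over constructed attacker inputs; return the outcomes."""
    root = make_store()
    writable = {42}  # the attacker's account may write exactly one existing document
    attacks = [
        "../../escaped.txt",          # plain relative traversal
        "%2e%2e/%2e%2e/escaped.txt",  # URL-encoded traversal (bites once a layer decodes it)
        "..\\..\\escaped.txt",        # backslash separators
        "/etc/passwd",                # absolute path replaces the whole prefix in os.path.join
    ]
    out = {"vulnerable_escapes": {}, "hardened_rejected": {}}
    for a in attacks:
        out["vulnerable_escapes"][a] = escapes_store(root, target_path_vulnerable(root, 42, a))
        try:
            target_path_hardened(root, 42, a, writable)
            out["hardened_rejected"][a] = False
        except ValueError:
            out["hardened_rejected"][a] = True
    # Embedded NUL is checked only against the hardened path: the OS refuses to stat such a name.
    try:
        target_path_hardened(root, 42, "shell.jsp\x00.pdf", writable)
        out["nul_rejected"] = False
    except ValueError:
        out["nul_rejected"] = True
    written = store_document(root, 42, "report.pdf", b"%PDF-1.4 constructed sample", writable)
    out["benign_inside"] = os.path.exists(written) and not escapes_store(root, written)
    try:
        target_path_hardened(root, 7, "report.pdf", writable)  # no permission on document 7
        out["other_doc_denied"] = False
    except PermissionError:
        out["other_doc_denied"] = True
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Run it directly to print the outcome for each input. The URL-encoded variant does not escape in the naive version because the file system does not percent-decode; it becomes an escape only when an upstream layer decodes before the join, which is why the hardened resolver decodes exactly once and then validates. Deny-listing the literal '../' would miss the backslash and encoded forms; restricting the input to one plain component sidesteps the whole class, and the final containment check costs one realpath call.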
