CVE-2024-54449
Published: 14 March 2025
Summary
CVE-2024-54449 is a high-severity Relative Path Traversal (CWE-23) vulnerability in LogicalDOC. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The vulnerability ranks at the 46.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly mitigates relative path traversal (CWE-23) by validating API inputs for completeness, correctness and the absence of traversal sequences such as '../' before any file write operation is processed.
- AC-3 (Access Enforcement): enforces approved authorizations so that an authenticated user's file write operations are restricted to permitted document locations, preventing arbitrary file placement on the file system.
- SI-2 (Flaw Remediation): addresses the specific flaw in the LogicalDOC API endpoints through timely flaw remediation, including applying vendor patches that eliminate the path traversal vulnerability.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An authenticated arbitrary file write in a web application API enables exploitation of a public-facing application (T1190), privilege escalation to RCE (T1068), and web shell deployment for persistence and execution (T1505.003).
NVD Description
The API used to interact with documents in the application contains two endpoints with a flaw that allows an authenticated attacker to write a file with controlled contents to an arbitrary location on the underlying file system. This can be used to facilitate RCE. An account with 'read' and 'write' privileges on at least one existing document in the application is required to exploit the vulnerability. Exploitation of this vulnerability would allow an attacker to run commands of their choosing on the underlying operating system of the web server running LogicalDOC.
Deeper analysis
CVE-2024-54449 is a high-severity vulnerability (CVSS 8.8, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) affecting LogicalDOC, a document management application. It stems from a flaw (CWE-23: Relative Path Traversal) in two endpoints of the API used to interact with documents. These endpoints enable an authenticated attacker to write a file with attacker-controlled contents to an arbitrary location on the underlying file system of the web server hosting LogicalDOC, facilitating remote code execution (RCE).
Exploitation requires an authenticated account with read and write privileges on at least one existing document in the application. With that access, an attacker can write files of their choosing to the server and thereby execute arbitrary commands on the operating system of the LogicalDOC web server.
For details on mitigation, including any patches or advisories, refer to the CYRC advisory published by Black Duck at https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html.
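The SI-10 and AC-3 controls listed above, combined into one guard for a document-store file-write endpoint: the supplied path is checked syntactically and then canonically against the store root, and the write is bound to a document the caller holds 'write' on. This is an added illustration in Python, not LogicalDOC's own code; the store root, ACL and document ids are constructed sample values.

```python
from pathlib import Path, PurePosixPath

class PathTraversalError(ValueError):
    """Client-supplied path would land outside the document store."""

class NotAuthorizedError(PermissionError):
    """Caller lacks 'write' on the target document."""

# Constructed sample ACL (document id -> {(user, privilege)}); a real
# deployment reads this from the application's permission store.
SAMPLE_ACL = {"doc-100": {("alice", "read"), ("alice", "write"), ("bob", "read")}}

def resolve_in_store(store_root, client_path):
    """Join client_path onto store_root and prove the result stays inside it.

    Layer 1 (syntactic): reject absolute paths, empty paths and any '..'
    component. Layer 2 (canonical): resolve the joined path and require the
    store root to be one of its ancestors; this also catches escapes through
    symlinks inside the store, which a string check alone cannot see.
    """
    root = Path(store_root).resolve()
    rel = PurePosixPath(client_path)
    if rel.is_absolute() or not rel.parts or ".." in rel.parts:
        raise PathTraversalError(f"rejected path {client_path!r}")
    target = (root / rel).resolve()
    if root not in target.parents:
        raise PathTraversalError(f"{client_path!r} resolves to {target}, outside {root}")
    return target

def authorize_write(acl, user, doc_id):
    """AC-3: the write is bound to one document the caller may modify."""
    if (user, "write") not in acl.get(doc_id, set()):
        raise NotAuthorizedError(f"{user!r} has no write privilege on {doc_id!r}")

def stage_document_file(store_root, acl, user, doc_id, client_path):
    """Return the only filesystem location this request is allowed to write."""
    authorize_write(acl, user, doc_id)
    doc_dir = resolve_in_store(store_root, doc_id)   # per-document directory
    return resolve_in_store(doc_dir, client_path)    # file inside that directory

def classify_write_request(store_root, acl, user, doc_id, client_path):
    """Outcome label for a request: 'ok', 'unauthorized' or 'traversal'."""
    try:
        stage_document_file(store_root, acl, user, doc_id, client_path)
    except NotAuthorizedError:
        return "unauthorized"
    except PathTraversalError:
        return "traversal"
    return "ok"
```

The authorization check runs first, so a request that fails both checks is reported as unauthorized; the path check never runs for a caller who may not write the document at all.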
Details
- CWE(s)