Cyber Resilience

CVE-2024-54724

Critical · RCE

Published: 09 January 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0059 (43.8th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2024-54724 is a critical-severity Code Injection (CWE-94) vulnerability in Phpyun (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 43.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-7 (Software, Firmware, and Information Integrity).

Deeper analysis

CVE-2024-54724 is a critical code execution vulnerability in PHPYun versions prior to 7.0.2, stemming from a backdoor that enables restricted arbitrary file writing combined with file inclusion. Classified under CWE-94 (Code Injection), it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H): it is reachable over the network, has low attack complexity, and requires neither privileges nor user interaction.

Remote, unauthenticated attackers can exploit this vulnerability over the network to achieve arbitrary code execution on the target system. By leveraging the backdoor's file writing and inclusion mechanisms, attackers gain high-level control over confidentiality, integrity, and availability, potentially leading to full system compromise.

Advisories recommend upgrading to PHPYun 7.0.2 or later to mitigate the issue. Further details are provided in references at http://phpyun.com and https://github.com/la12138la/detail/blob/main/1.md.

Vulnerability details

PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Direct RCE via unauthenticated exploitation of public-facing PHP app backdoor using file write + inclusion, enabling web shell deployment.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-10057 (shared CWE-94)
CVE-2025-52744 (shared CWE-94)
CVE-2021-47778 (shared CWE-94)
CVE-2024-12252 (shared CWE-94)
CVE-2026-42607 (shared CWE-94)
CVE-2026-25447 (shared CWE-94)
CVE-2025-61196 (shared CWE-94)
CVE-2026-35194 (shared CWE-94)
CVE-2025-62521 (shared CWE-94)
CVE-2025-59954 (shared CWE-94)

Affected Assets

Phpyun
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the backdoor vulnerability in PHPYun by applying patches or upgrading to version 7.0.2 or later as recommended.

prevent · detect

Monitors and verifies the integrity of application files to detect and prevent unauthorized modifications from the backdoor's arbitrary file writing.

prevent

Validates user inputs to block malicious payloads exploiting the backdoor for file inclusion and code injection.
