Cyber Posture

CVE-2024-54852

CriticalPublic PoC

Published: 29 January 2025

Published
29 January 2025
Modified
24 May 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0013 31.8th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-54852 is a critical-severity LDAP Injection (CWE-90) vulnerability in Sismics Teedy. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Password Spraying (T1110.003); ranked at the 31.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Password Spraying (T1110.003) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly requires validation and sanitization of user inputs like the login username field to prevent LDAP injection attacks.

SI-2 Flaw Remediation good match
prevent

Mandates identification, reporting, and correction of flaws such as improper input sanitization in LDAP query construction.

AC-2 Account Management partial match
prevent

Provides management of accounts to detect and prevent unauthorized creations resulting from exploited LDAP injection.

MITRE ATT&CK Enterprise TechniquesAI

T1110.003 Password Spraying Credential Access
Adversaries may use a single or small list of commonly used passwords against many different accounts to attempt to acquire valid account credentials.
attack.mitre.org →
T1136 Create Account Persistence
Adversaries may create an account to maintain access to victim systems.
attack.mitre.org →
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

LDAP injection in the public-facing login form enables unauthenticated exploitation (T1190), arbitrary account creation (T1136), and password spraying (T1110.003).

NVD Description

When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various…

more

malicious actions, such as creating arbitrary accounts and spraying passwords.

Deeper analysisAI

CVE-2024-54852 is an LDAP injection vulnerability (CWE-90) in Teedy versions 1.9 through 1.12 when LDAP connection is activated. The flaw arises from improper sanitization of user input in the username field of the login form, enabling injection of malicious LDAP queries. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting critical severity due to its network accessibility and lack of prerequisites.

An unauthenticated attacker can exploit the vulnerability remotely by submitting crafted input to the login form's username field. Successful exploitation allows various malicious LDAP actions, including creating arbitrary accounts and performing password spraying.

Advisories and further details, including potential mitigation guidance, are available in the referenced GitHub repository at https://github.com/Tanguy-Boisset/CVE/blob/master/CVE-2024-54852/README.md.

Details

CWE(s)
CWE-90

Affected Products

sismics
teedy
1.9 — 1.12

CVEs Like This One

CVE-2024-54851Same product: Sismics Teedy
CVE-2025-22963Same product: Sismics Teedy
CVE-2024-56841Shared CWE-90
CVE-2026-39962Shared CWE-90
CVE-2026-33289Shared CWE-90
CVE-2026-25560Shared CWE-90
CVE-2026-34578Shared CWE-90
CVE-2026-40193Shared CWE-90
CVE-2026-29131Shared CWE-90
CVE-2026-29138Shared CWE-90

References