Cyber Resilience

CVE-2024-54879

CriticalPublic PoC

Published: 06 January 2025

Published
06 January 2025
Modified
28 March 2025
KEV Added
Patch
CVSS Score v3.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0571 90.6th percentile
Risk Priority 22 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-54879 is a critical-severity Improper Preservation of Permissions (CWE-281) vulnerability in Seacms Seacms. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 9.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

SeaCMS V13.1 contains an incorrect access control vulnerability (CWE-281) stemming from a logic flaw in its member recharge functionality. The affected component allows unauthorized manipulation of account balances or membership status without proper validation of recharge requests or limits.

An unauthenticated attacker can exploit the flaw over the network with low complexity to indefinitely recharge member accounts. Successful exploitation grants the ability to alter billing and membership data at will, producing high impact on confidentiality and integrity while leaving availability unaffected.

The EPSS score remains flat at 0.0571 with no material increase after disclosure. Public references point to the vendor site and a technical write-up but supply no official patch or mitigation guidance.

EU & UK References

Vulnerability details

SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1098 Account Manipulation Persistence
Adversaries may manipulate accounts to maintain and/or elevate access to victim systems.
Why these techniques?

Direct unauthenticated network exploitation of public-facing SeaCMS web app logic flaw enables indefinite unauthorized account recharging/manipulation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-54880Same product: Seacms Seacms
CVE-2025-22974Same product: Seacms Seacms
CVE-2025-25519Same product: Seacms Seacms
CVE-2025-25521Same product: Seacms Seacms
CVE-2025-25516Same product: Seacms Seacms
CVE-2025-25517Same product: Seacms Seacms
CVE-2025-25520Same product: Seacms Seacms
CVE-2025-25513Same product: Seacms Seacms
CVE-2025-25515Same product: Seacms Seacms
CVE-2024-56973Shared CWE-281

Affected Assets

seacms
seacms
13.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations for access to system resources, directly preventing the logic flaw that allows unauthorized recharging of member accounts.

prevent

Explicitly identifies and authorizes only specific actions performable without identification or authentication, blocking unauthenticated recharge exploitation.

prevent

Applies least privilege to restrict recharge capabilities to only necessary authorized users or roles, mitigating indefinite unauthorized recharges by any user.

References