CVE-2024-55030
Published: 25 March 2025
Summary
CVE-2024-55030 is a critical-severity Command Injection (CWE-77) vulnerability in Nasa Fprime. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 9.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-55030 is a command injection vulnerability (CWE-77) in the Command Dispatcher Service of NASA Fprime version 3.4.3. The flaw carries a CVSS 3.1 score of 9.8 and permits unauthenticated remote attackers to execute arbitrary operating-system commands.
An attacker with network access can submit crafted input to the affected service and obtain code execution with the privileges of the Fprime process, resulting in full confidentiality, integrity, and availability impact without requiring user interaction or credentials.
Public analysis published by VisionSpace details the remote-code-execution issues present in the same Fprime release. The associated EPSS score rose from lower values to a peak of 0.1446 on 2026-03-08 before receding to the current 0.0558, indicating measurable post-disclosure exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-8096
Vulnerability details
A command injection vulnerability in the Command Dispatcher Service of NASA Fprime v3.4.3 allows attackers to execute arbitrary commands.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection vulnerability enables remote arbitrary command execution on a network-accessible service (T1190: Exploit Public-Facing Application) and directly facilitates OS command execution (T1059: Command and Scripting Interpreter).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly prevents command injection attacks by validating and sanitizing all inputs to the vulnerable Command Dispatcher Service.
Mitigates the vulnerability through timely flaw remediation, including patching the command injection issue in NASA Fprime v3.4.3.
Limits damage from successful command injection by enforcing least privilege on processes handling commands in the dispatcher service.