CVE-2024-55964
Published: 26 March 2025
Summary
CVE-2024-55964 is a critical-severity Code Injection (CWE-94) vulnerability in Appsmith. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 1.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Validates and sanitizes user-supplied queries executed against the misconfigured PostgreSQL datasource, directly preventing crafted inputs from achieving remote command execution.
- Enforces secure configuration settings for the embedded PostgreSQL instance in the Appsmith Docker container to block command execution capabilities.
- Identifies and remediates the specific flaw in Appsmith versions before 1.52 by applying vendor updates that fix the PostgreSQL misconfiguration.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes a remote code execution flaw in a public-facing web application (Appsmith), directly enabling T1190 for exploitation of public-facing apps; successful exploitation grants arbitrary command execution inside the Linux-based Docker container, mapping to T1059.004 Unix Shell.
NVD Description
An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that datasource, and execute that query.
Deeper analysis
CVE-2024-55964 is a remote command execution vulnerability (CWE-94) affecting Appsmith versions before 1.52. The issue arises from an incorrectly configured PostgreSQL instance embedded in the Appsmith Docker container image, enabling arbitrary command execution within the container. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-03-26T20:15:21.373.
Exploitation requires an attacker to access the Appsmith instance, log in, create a datasource, craft a query against that datasource, and execute it. Successful exploitation grants remote command execution inside the Appsmith Docker container, potentially allowing high confidentiality, integrity, and availability impacts.
Mitigation details are available in the official security advisory at https://github.com/appsmithorg/appsmith/security/advisories/GHSA-m95x-4w54-gc83.
Details
- CWE(s)