CVE-2024-55964
Published: 26 March 2025
Summary
CVE-2024-55964 is a critical-severity Code Injection (CWE-94) vulnerability in Appsmith. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 1.8% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-10 (Information Input Validation).
Deeper analysis
Appsmith versions prior to 1.52 contain an incorrectly configured PostgreSQL instance bundled in the official Docker image. This misconfiguration permits remote command execution inside the container and is tracked as CWE-94 with a CVSS 3.1 base score of 9.8.
An attacker who can reach an Appsmith instance, authenticate, define a datasource, craft a query against it, and execute that query can run arbitrary commands within the container. The required steps imply the attacker must already possess a valid account and sufficient application-level permissions to perform datasource and query operations.
The associated GitHub Security Advisory GHSA-m95x-4w54-gc83 provides the authoritative disclosure and remediation guidance for the issue. The EPSS score reached a peak of 0.6734 and currently stands at 0.5662, indicating sustained exploitation interest after public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-54313
Vulnerability details
An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, log in to it, create a datasource, create a query against that datasource, and execute that query.
CWE: CWE-94 (Code Injection)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes a remote code execution flaw in a public-facing web application (Appsmith), which maps directly to T1190 (Exploit Public-Facing Application). Successful exploitation grants arbitrary command execution inside the Linux-based Docker container, which maps to T1059.004 (Command and Scripting Interpreter: Unix Shell).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Validates and sanitizes user-supplied queries executed against the misconfigured PostgreSQL datasource, directly preventing crafted inputs from achieving remote command execution.
- CM-6 (Configuration Settings): Enforces secure configuration settings for the embedded PostgreSQL instance in the Appsmith Docker container to block command execution capabilities.
- Flaw remediation: Identifies and remediates the specific flaw in Appsmith versions before 1.52 by applying vendor updates that fix the PostgreSQL misconfiguration.