Cyber Resilience

CVE-2024-56829

Critical

Published: 02 January 2025

Modified: 15 April 2026
CVSS Score (v3.1): 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0009 (25.8th percentile)
Risk Priority: 20 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-56829 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability. Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 25.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-56829 is a critical arbitrary file upload vulnerability in Huang Yaoshi Pharmaceutical Management Software through version 16.0. It occurs via a .asp filename specified in the fileName element of the UploadFile element within a SOAP request to the /XSDService.asmx endpoint. Classified under CWE-434 (Unrestricted Upload of File with Dangerous Type), it carries a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), reflecting a network attack vector, low attack complexity, no privileges or user interaction required, high confidentiality, integrity, and availability impact, and a scope change (S:C), meaning the impact can extend beyond the vulnerable component itself.

Unauthenticated remote attackers can exploit this flaw by crafting and sending a SOAP request to /XSDService.asmx with a .asp filename in the fileName element of the UploadFile element. This enables uploading arbitrary files, such as ASP web shells, which can then be executed on the server for remote code execution (RCE). Attackers achieving RCE gain full control over the vulnerable system, facilitating data theft, persistence, privilege escalation, or pivoting to other network assets.

The provided references link to GitHub documentation in a repository by Zerone0x00, which details the exploitation steps for the arbitrary file upload but does not include vendor advisories, patches, or explicit mitigation guidance. Practitioners should immediately restrict or block inbound traffic to /XSDService.asmx, monitor for suspicious SOAP requests, upgrade to a patched version if available from the vendor, and conduct forensic reviews on exposed instances.
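The input-validation control described above (rejecting dangerous types in the fileName element of a SOAP UploadFile request) can be placed in front of the upload handler. The following is an added example and is not code from the affected product, the vendor, or the referenced repository; it assumes the element names given in the advisory, ignores the XML namespace (the http://tempuri.org/ namespace in the constructed samples is a placeholder), and uses an illustrative allowlist of document types.

```python
# Added example: allowlist check for the fileName element of a SOAP UploadFile request.
import re
import xml.etree.ElementTree as ET

# Only the document types the application legitimately accepts (assumed set).
ALLOWED_EXTENSIONS = {"pdf", "jpg", "jpeg", "png", "xls", "xlsx", "csv"}

# One base name of safe characters plus exactly one extension: no path separators,
# no NUL or ';' tricks, no double extensions such as x.jpg.asp or x.asp;.jpg.
_SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})")


def _local_name(tag: str) -> str:
    return tag.rsplit("}", 1)[-1]  # drop the {namespace} prefix ElementTree adds


def is_safe_file_name(name: str) -> bool:
    """True only if the whole name matches the pattern and the extension is allowed."""
    match = _SAFE_NAME.fullmatch(name)
    return match is not None and match.group(1).lower() in ALLOWED_EXTENSIONS


def extract_file_names(soap_body: str) -> list[str]:
    """Return every fileName value nested under an UploadFile element, any namespace."""
    # For untrusted XML in production, prefer defusedxml.ElementTree (same API).
    root = ET.fromstring(soap_body)
    return [
        child.text or ""
        for elem in root.iter() if _local_name(elem.tag) == "UploadFile"
        for child in elem.iter() if _local_name(child.tag) == "fileName"
    ]


def validate_upload_request(soap_body: str) -> tuple[bool, str]:
    """Reject-by-default gate to run before the handler writes anything to disk."""
    try:
        names = extract_file_names(soap_body)
    except ET.ParseError:
        return False, "malformed XML"
    if not names:
        return False, "no fileName element under UploadFile"
    for name in names:
        if not is_safe_file_name(name):
            return False, f"rejected file name: {name!r}"
    return True, "accepted: " + ", ".join(names)


# Constructed sample requests; http://tempuri.org/ is a placeholder namespace.
_ENVELOPE = (
    '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
    '<soap:Body><UploadFile xmlns="http://tempuri.org/">'
    "<fileName>{}</fileName></UploadFile></soap:Body></soap:Envelope>"
)
GOOD_REQUEST = _ENVELOPE.format("invoice_2024.pdf")
BAD_REQUEST = _ENVELOPE.format("cmd.asp")
```

The same decision, logged with the rejected name, doubles as a detection signal for the SOAP-request monitoring mentioned above.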

Vulnerability details

Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1505.003 Web Shell (Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Arbitrary file upload to a public SOAP endpoint directly enables web shell deployment and RCE: the upload itself is exploitation of a public-facing application (T1190), and the uploaded file is the web shell (T1505.003).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-46384 (shared CWE-434)
CVE-2025-13516 (shared CWE-434)
CVE-2024-13011 (shared CWE-434)
CVE-2025-8323 (shared CWE-434)
CVE-2025-21624 (shared CWE-434)
CVE-2026-35164 (shared CWE-434)
CVE-2026-2097 (shared CWE-434)
CVE-2025-12154 (shared CWE-434)
CVE-2026-42748 (shared CWE-434)
CVE-2025-32957 (shared CWE-434)

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly prevents arbitrary file uploads by validating the fileName element in SOAP UploadFile requests to reject dangerous types like .asp.

Prevent, detect: Mitigates unauthenticated remote exploitation by monitoring and controlling communications to the vulnerable /XSDService.asmx endpoint.

Prevent: Remediates the root flaw in Huang Yaoshi Pharmaceutical Management Software through timely patching or updates to eliminate unrestricted file uploads.
