
CVE-2024-56901

High

Published: 03 February 2025

Modified: 15 April 2026
KEV Added: not listed
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0067 (71.7th percentile)
Risk Priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-56901 is a high-severity CSRF (CWE-352) vulnerability. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 28.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-56901 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Geovision GV-ASWeb application in versions 6.1.1.0 and earlier. The flaw enables attackers to arbitrarily create Administrator accounts through a crafted GET request. It is chained with CVE-2024-56903 to complete a successful CSRF attack. The weakness is classified under CWE-352 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

The vulnerability can be exploited remotely over a network by attackers holding no privileges, provided they can lure an authenticated user into performing an action such as visiting a malicious webpage (user interaction required). Successful exploitation allows the creation of unauthorized Administrator accounts, potentially granting full control over the application, with high impact on confidentiality, integrity, and availability.

Mitigation details are available in the advisory published on GitHub at https://github.com/DRAGOWN/CVE-2024-56901, which was referenced alongside the CVE published on 2025-02-03. Security practitioners should consult this resource for patching instructions or workarounds specific to GV-ASWeb.


Vulnerability details

A Cross-Site Request Forgery (CSRF) vulnerability in the Geovision GV-ASWeb application, version 6.1.1.0 or earlier, allows attackers to arbitrarily create Administrator accounts via a crafted GET request. This vulnerability is used in chain with CVE-2024-56903 for a successful CSRF attack.


Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1136 Create Account (Persistence): Adversaries may create an account to maintain access to victim systems.
Why these techniques?

CSRF in public-facing GV-ASWeb directly enables remote exploitation of the app (T1190) to create unauthorized admin accounts (T1136).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-68434 (shared CWE-352)
CVE-2018-25200 (shared CWE-352)
CVE-2026-22194 (shared CWE-352)
CVE-2025-27910 (shared CWE-352)
CVE-2025-25907 (shared CWE-352)
CVE-2024-37102 (shared CWE-352)
CVE-2024-37450 (shared CWE-352)
CVE-2025-23558 (shared CWE-352)
CVE-2025-68722 (shared CWE-352)
CVE-2025-31440 (shared CWE-352)


Mitigating Controls (NIST 800-53 r5)

Prevent: Requires mechanisms such as CSRF tokens to protect session authenticity, directly preventing forged GET requests from creating unauthorized administrator accounts.

Prevent: Mandates timely identification, reporting, and correction of the specific CSRF flaw, eliminating the vulnerability exploited to create admin accounts.

Prevent: Enforces authorized processes for account creation and management, mitigating unauthorized admin account provisioning via CSRF-forged requests.
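The session-authenticity control above, shown as a server-side gate on an administrator-creation endpoint. This is an added illustration written for this page, not code from GV-ASWeb or from the vendor; the request and session dictionaries, the endpoint shape and the trusted origin are assumptions. It closes the exact gap the flaw describes: account creation is refused over GET, cross-site requests are refused via Sec-Fetch-Site/Origin, and a per-session synchronizer token is checked in constant time.

```python
import hmac
import secrets

# Assumed origin the application is served from (constructed for this example).
TRUSTED_ORIGIN = "https://asweb.example.internal"


def issue_csrf_token(session: dict) -> str:
    """Bind a fresh random token to the authenticated server-side session."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def check_account_creation(request: dict, session: dict) -> tuple:
    """Decide whether a request to create an Administrator account may proceed.

    request: {"method": str, "headers": dict, "form": dict} (assumed shape).
    session: the server-side session dict the token was issued into.
    Returns (allowed, reason).
    """
    # 1. A state-changing action must never be reachable by GET: a GET can be
    #    forged with nothing more than an <img src> or a link on another site.
    if request.get("method") != "POST":
        return False, "account creation requires POST"

    headers = {k.lower(): v for k, v in request.get("headers", {}).items()}

    # 2. Modern browsers label cross-site requests; refuse anything that is
    #    not same-origin or user-initiated. Absent header: fall through to the token.
    fetch_site = headers.get("sec-fetch-site", "same-origin")
    if fetch_site not in ("same-origin", "none"):
        return False, "cross-site request refused"
    origin = headers.get("origin")
    if origin is not None and origin != TRUSTED_ORIGIN:
        return False, "origin mismatch"

    # 3. Synchronizer token: the form must carry the token bound to this session,
    #    compared in constant time so the check leaks nothing about the value.
    expected = session.get("csrf_token", "")
    supplied = request.get("form", {}).get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "missing or invalid CSRF token"

    return True, "ok"
```

Any rejection from this gate is also worth logging with the session identifier and Origin, since a burst of refused cross-site account-creation attempts is a direct detection signal for this class of attack.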
