Cyber Posture

CVE-2024-57052

Critical

Published: 27 January 2025

Published
27 January 2025
Modified
27 June 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0126 79.5th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-57052 is a critical-severity Session Fixation (CWE-384) vulnerability in Youdiancms Youdiancms. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 20.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Validates and sanitizes the sessionID parameter in index.php to prevent manipulation that enables privilege escalation.

AC-3 Access Enforcement good match
prevent

Enforces approved authorizations to block unauthorized privilege escalation even if sessionID is improperly handled.

AC-6 Least Privilege good match
prevent

Applies least privilege to limit the impact and success of privilege escalation attempts via sessionID manipulation.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Direct privilege escalation via remote unauthenticated exploitation of a public-facing web app (CWE-384 session handling flaw).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file.

Deeper analysisAI

CVE-2024-57052 is a privilege escalation vulnerability affecting youdiancms versions 9.5.20 and earlier. The issue stems from improper handling of the sessionID parameter in the index.php file, enabling remote attackers to escalate their privileges. It is associated with CWE-384 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical.

Any remote attacker can exploit this vulnerability without authentication, privileges, or user interaction, requiring only network access and low attack complexity. Successful exploitation allows the attacker to achieve high impacts on confidentiality, integrity, and availability, potentially leading to full system compromise through elevated privileges.

A related advisory is documented at https://gist.github.com/yahaha9/720fb45bbebda62dc198568c8d275df8.

Details

CWE(s)
CWE-384

Affected Products

youdiancms
youdiancms
≤ 9.5.20

CVEs Like This One

CVE-2026-23796Shared CWE-384
CVE-2025-63529Shared CWE-384
CVE-2025-52689Shared CWE-384
CVE-2023-53776Shared CWE-384
CVE-2024-13279Shared CWE-384
CVE-2026-2177Shared CWE-384
CVE-2026-25101Shared CWE-384
CVE-2025-7015Shared CWE-384
CVE-2025-27661Shared CWE-384
CVE-2024-56529Shared CWE-384

References