CVE-2024-57241
Published: 11 February 2025
Summary
CVE-2024-57241 is a medium-severity Open Redirect (CWE-601) vulnerability in Dedecms. Its CVSS base score is 6.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Spearphishing Link (T1566.002). It is ranked in the top 3.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly mitigates the logic error by requiring validation of untrusted GET request inputs used for URL redirection.
- SI-15 (Information Output Filtering): prevents arbitrary redirects by filtering output Location headers to approved destinations only.
- SI-2 (Flaw Remediation): addresses the vulnerability through identification, reporting, and correction of the specific flaw in Dedecms.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An open URL redirect lets attackers craft deceptive links on the vulnerable Dedecms site that send users to arbitrary attacker-chosen domains, which supports spearphishing link attacks (T1566.002).
NVD Description
Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. In the web application, a logic error does not judge the input GET request resulting in URL redirection.
Deeper analysis
CVE-2024-57241 is an open redirect vulnerability (CWE-601) affecting Dedecms versions 5.71sp1 and earlier. The flaw arises from a logic error in the web application that fails to validate input from GET requests, enabling arbitrary URL redirection.
Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required. Per the CVSS 3.1 score of 6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N), exploitation leads to low impacts on confidentiality and integrity, with no availability disruption, typically allowing attackers to redirect users to malicious sites for phishing or similar follow-on attacks.
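The defensive pattern the SI-10 and SI-15 controls above call for (validate the redirect parameter, and only emit Location values that point to approved destinations) is shown below as an added example. It is not Dedecms code and not taken from the advisory; the parameter name `goto`, the allowed-host set and the sample inputs are constructed for illustration. The unsafe function mirrors the flaw class described by the advisory (a GET value passed through to the redirect unchecked); the hardened function allows only absolute same-site paths or http(s) URLs whose hostname is on an explicit allowlist, and rejects the usual bypass shapes (protocol-relative `//host`, backslashes, CRLF, userinfo tricks, non-http schemes).

```python
from urllib.parse import urlparse

# Constructed allowlist of external hosts this site is permitted to redirect to.
ALLOWED_HOSTS = {"www.example.com", "cdn.example.com"}
DEFAULT_TARGET = "/"


def unsafe_redirect_target(goto: str) -> str:
    """Flawed pattern: the untrusted GET value becomes the Location header as-is."""
    return goto


def safe_redirect_target(goto: str, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET) -> str:
    """Return `goto` only if it is an approved destination, otherwise `default`.

    Accepted: an absolute local path ("/path", but not "//host"), or an
    http/https URL whose hostname is in `allowed_hosts`.
    """
    if not goto:
        return default
    # CR/LF would allow header injection; backslashes and other control
    # characters are normalised by browsers in ways the parser does not model.
    if any(ch in goto for ch in "\r\n\t\\") or any(ord(ch) < 0x20 for ch in goto):
        return default

    parsed = urlparse(goto)
    if parsed.scheme == "" and parsed.netloc == "":
        # Local target: require exactly one leading slash. urlparse already
        # classifies "//host/..." as netloc, so it never reaches this branch.
        if goto.startswith("/") and not goto.startswith("//"):
            return goto
        return default

    if parsed.scheme.lower() not in ("http", "https"):
        return default  # javascript:, data:, ftp: etc.

    # .hostname strips userinfo ("user@") and port and lowercases the host,
    # so "https://www.example.com@evil.test/" resolves to evil.test here.
    host = parsed.hostname
    if host is None or host not in allowed_hosts:
        return default
    return goto


def evaluate_samples() -> dict:
    """Run constructed sample inputs through both functions for comparison."""
    samples = [
        "/member/index.php",
        "https://www.example.com/login",
        "//evil.test/phish",
        "https://evil.test/phish",
        "https://www.example.com@evil.test/",
        "javascript:alert(1)",
        "/\\evil.test",
        "https:///evil.test",
        "",
    ]
    return {s: (unsafe_redirect_target(s), safe_redirect_target(s)) for s in samples}


if __name__ == "__main__":
    for sample, (unsafe, safe) in evaluate_samples().items():
        print(f"{sample!r:40} unsafe -> {unsafe!r:38} safe -> {safe!r}")
```

The validator deliberately does not percent-decode or otherwise normalise the value before checking it: the Location header is emitted with the same bytes that were validated, so a value such as `%2F%2Fevil.test` fails the leading-slash test and falls back to the default rather than being "fixed up" into something the check never saw.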
A reference implementation or proof-of-concept for the vulnerability is available at https://github.com/woshidaheike/dedecms-url-redirection.
Details
- CWE(s)