CVE-2024-57241
Published: 11 February 2025
Summary
CVE-2024-57241 is a medium-severity Open Redirect (CWE-601) vulnerability in Dedecms Dedecms. Its CVSS base score is 6.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Spearphishing Link (T1566.002); ranked in the top 4.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Deeper analysis
Dedecms versions 5.71sp1 and earlier are affected by an open redirect vulnerability, CVE-2024-57241. A logic flaw in the web application fails to validate input supplied through GET requests, enabling arbitrary redirection and corresponding to CWE-601. The issue carries a CVSS 3.1 score of 6.5 with network attack vector, low complexity, and no authentication or user interaction required.
An unauthenticated remote attacker can exploit the flaw by crafting a GET request containing a malicious target URL. Successful exploitation redirects legitimate users to attacker-chosen destinations, potentially enabling phishing or further social-engineering activity that affects confidentiality and integrity.
A public GitHub repository documents the redirect behavior and provides reproduction details. The EPSS score reached a peak of 0.2408 after disclosure, indicating emerging exploitation interest that warrants monitoring.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-53554
Vulnerability details
Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. In the web application, a logic error does not judge the input GET request resulting in URL redirection.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Open URL redirection vulnerability enables attackers to craft deceptive links on the vulnerable Dedecms site that redirect users to arbitrary malicious domains, facilitating spearphishing link attacks (T1566.002).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the logic error by requiring validation of untrusted GET request inputs used for URL redirection.
Prevents arbitrary redirects by filtering output Location headers to approved destinations only.
Addresses the vulnerability through identification, reporting, and correction of the specific flaw in Dedecms.