Cyber Resilience

CVE-2024-57241

Severity: Medium
Published: 11 February 2025
Modified: 01 April 2025
KEV Added: none (not in the CISA KEV catalog)
Patch: none listed
CVSS Score v3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
EPSS Score: 0.1940 (95.5th percentile)
Risk Priority: 25 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-57241 is a medium-severity Open Redirect (CWE-601) vulnerability in Dedecms (vendor: Dedecms). Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Spearphishing Link (T1566.002). The CVE ranks in the top 4.5% of CVEs by EPSS exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

Dedecms versions 5.71sp1 and earlier are affected by an open redirect vulnerability, CVE-2024-57241. A logic flaw in the web application fails to validate input supplied through a GET request, so an arbitrary attacker-supplied URL can be used as the redirect destination (CWE-601). The issue carries a CVSS 3.1 score of 6.5: network attack vector, low attack complexity, and no privileges or user interaction required.

An unauthenticated remote attacker can exploit the flaw by crafting a GET request containing a malicious target URL. Successful exploitation redirects legitimate users to attacker-chosen destinations, potentially enabling phishing or further social-engineering activity that affects confidentiality and integrity.

A public GitHub repository documents the redirect behavior and provides reproduction details. The EPSS score reached a peak of 0.2408 after disclosure, indicating emerging exploitation interest that warrants monitoring.


Vulnerability details

Dedecms 5.71sp1 and earlier are vulnerable to URL redirection. In the web application, a logic error does not validate the input of the GET request, resulting in URL redirection.

CWE(s): CWE-601 (URL Redirection to Untrusted Site, "Open Redirect")

Related Threats

MITRE ATT&CK Enterprise Techniques

T1566.002 Spearphishing Link (Initial Access)
Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems.
Why these techniques?

An open URL redirection vulnerability lets attackers craft deceptive links on the vulnerable Dedecms site that redirect users to arbitrary malicious domains, facilitating spearphishing link attacks (T1566.002).

CVEs Like This One

CVE-2026-29839 (same product: Dedecms Dedecms)
CVE-2026-30643 (same product: Dedecms Dedecms)
CVE-2026-30694 (same product: Dedecms Dedecms)
CVE-2025-24868 (shared CWE-601)
CVE-2024-13888 (shared CWE-601)
CVE-2025-24381 (shared CWE-601)
CVE-2025-0244 (shared CWE-601)
CVE-2020-36912 (shared CWE-601)
CVE-2026-7504 (shared CWE-601)
CVE-2026-34931 (shared CWE-601)

Affected Assets

Vendor: dedecms
Product: dedecms
Versions: all versions

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)
Directly mitigates the logic error by requiring validation of untrusted GET request inputs used for URL redirection.

SI-15 Information Output Filtering (prevent)
Prevents arbitrary redirects by filtering output Location headers to approved destinations only.

Flaw remediation (prevent)
Addresses the vulnerability through identification, reporting, and correction of the specific flaw in Dedecms.
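The two controls above, input validation of the redirect parameter (SI-10) and filtering of the resulting Location header to approved destinations (SI-15), reduce to one server-side check: the user-supplied value is either a same-site path or an absolute URL on an allow-listed host, and anything else collapses to a safe default. The following Python is an added example written for this advisory; it is not Dedecms code and does not reproduce the Dedecms flaw. The allowed host, the query-parameter names (`gourl`, `redirect`, `url`) and the access-log lines are constructed assumptions. It also shows the detection counterpart: running the same validator over web-server logs to flag requests whose redirect parameter would have been rejected.

```python
"""Server-side validation of a redirect target, plus a log check using it.

Added example for this advisory, not Dedecms code. The allowed host, the
parameter names and the log lines are constructed for illustration.
"""
import re
from urllib.parse import parse_qs, urlsplit, urlunsplit

# Constructed allow-list: the only host the application may redirect to.
ALLOWED_HOSTS = frozenset({"www.example-site.test"})
DEFAULT_TARGET = "/"

# Hypothetical parameter names that might carry a redirect target.
REDIRECT_PARAMS = ("gourl", "redirect", "url")


def safe_redirect_target(candidate, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return a destination that is safe to place in a Location header.

    Anything that is not a same-site path or an absolute http(s) URL on an
    allowed host collapses to ``default``.
    """
    if not isinstance(candidate, str):
        return default
    cleaned = candidate.strip()
    if not cleaned:
        return default
    # Reject control characters so the value cannot inject extra headers.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in cleaned):
        return default
    # Browsers treat "/\evil.example" like "//evil.example"; normalise first.
    cleaned = cleaned.replace("\\", "/")
    try:
        parts = urlsplit(cleaned)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: allow a single-slash path; "//host" and
        # "///host" forms are scheme-relative URLs and are rejected.
        if cleaned.startswith("/") and not cleaned.startswith("//"):
            return cleaned
        return default
    if parts.scheme not in ("http", "https"):
        return default
    host = parts.hostname  # lower-cased, userinfo and port stripped
    if host is None or host not in allowed_hosts:
        return default
    netloc = host if port is None else f"{host}:{port}"
    # Rebuild from parsed parts so "trusted@evil" style netlocs do not survive.
    return urlunsplit((parts.scheme, netloc, parts.path or "/", parts.query, parts.fragment))


def is_rejected(candidate):
    """True when validation discards the candidate (not merely normalises it)."""
    return safe_redirect_target(candidate) == DEFAULT_TARGET and candidate.strip() != DEFAULT_TARGET


# Apache/Nginx combined-format request line: client, timestamp, method, target.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def find_offsite_redirects(log_lines, params=REDIRECT_PARAMS):
    """Detection counterpart: flag requests whose redirect parameter fails
    validation. Returns (client_ip, parameter, value) tuples."""
    findings = []
    for line in log_lines:
        match = LOG_RE.match(line)
        if not match:
            continue
        query = urlsplit(match.group("target")).query
        for name, values in parse_qs(query).items():
            if name not in params:
                continue
            for value in values:
                if is_rejected(value):
                    findings.append((match.group("ip"), name, value))
    return findings


# Constructed access-log lines (sample data, not from any real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [11/Feb/2025:10:00:01 +0000] "GET /login.php?gourl=https://www.example-site.test/ HTTP/1.1" 302 0',
    '203.0.113.9 - - [11/Feb/2025:10:00:02 +0000] "GET /login.php?gourl=//evil.example/phish HTTP/1.1" 302 0',
    '198.51.100.7 - - [11/Feb/2025:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for raw in ["/account", "//evil.example", "/\\evil.example", "///evil.example",
                "https://www.example-site.test@evil.example/", "javascript:alert(1)",
                "https://WWW.Example-Site.test/login?next=1"]:
        print(f"{raw!r:48} -> {safe_redirect_target(raw)!r}")
    print(find_offsite_redirects(SAMPLE_LOG))
```

The validator works on the parsed URL rather than on string prefixes, which is what defeats the usual bypasses of naive checks: protocol-relative (`//host`), backslash and triple-slash variants that browsers resolve to another host, embedded userinfo (`trusted@evil`), and non-http schemes. Because the host comparison is exact against an allow-list, a subdomain or look-alike domain is rejected rather than matched by a substring test.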
