Cyber Posture

CVE-2024-57452

Severity: High · Public PoC

Published: 03 February 2025

Modified: 13 May 2025
KEV Added: not listed
Patch
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS Score: 0.0021 (42.4th percentile)
Risk Priority: 15 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-57452 is a high-severity Files or Directories Accessible to External Parties (CWE-552) vulnerability in 1000Mz Chestnutcms. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique File Deletion (T1070.004); ranked at the 42.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to File Deletion (T1070.004) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent): Enforces approved authorizations for access to system resources like the FileController, preventing unauthenticated arbitrary file and folder deletions.

SI-2 Flaw Remediation (prevent): Requires timely identification, reporting, and correction of flaws such as the arbitrary file deletion vulnerability in ChestnutCMS.

AC-6 Least Privilege (prevent): Applies least privilege to processes including the web application controller, limiting the scope of files and folders that can be deleted even if access is gained.

MITRE ATT&CK Enterprise Techniques

T1070.004 File Deletion (Stealth): Adversaries may delete files left behind by the actions of their intrusion activity.
T1485 Data Destruction (Impact): Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.
Why these techniques?

Arbitrary file/folder deletion directly enables File Deletion (T1070.004) for indicator removal and Data Destruction (T1485) for integrity/availability impact on a public-facing app.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete any file and folder.

Deeper analysis

CVE-2024-57452 is an arbitrary file deletion vulnerability affecting ChestnutCMS versions up to and including 1.5.0. The issue resides in the contentcore.controller.FileController component, enabling attackers to delete any file or folder on the server. It has been assigned a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) and maps to CWE-552 (Files or Directories Accessible to External Parties). The vulnerability was published on 2025-02-03.

Unauthenticated attackers can exploit this vulnerability remotely over the network with low complexity and no user interaction required. The CVSS vector scores successful exploitation as a high integrity impact with no confidentiality or availability impact; in practice, deleting arbitrary files and folders can still deny core site functionality, cause data loss, or enable further compromise if critical system files are targeted.
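The two controls the record recommends, AC-3 access enforcement and least-privilege confinement of what a deletion endpoint may touch, combined in one hardened deletion helper. This is an added illustration, not ChestnutCMS code, and it does not describe how its FileController is implemented; the `Principal` type, the `delete_path` and `is_confined` functions, the `content_admin` role and the constructed temporary content root are all assumptions made for the example.

```python
"""Hardened file-deletion helper: authorization first, then confinement of
the resolved path to a single content root. Added example; not ChestnutCMS
code. `Principal`, `delete_path`, `is_confined` and the 'content_admin'
role are illustrative assumptions."""
import os
import shutil
import tempfile
from dataclasses import dataclass, field
from typing import Optional, Set


@dataclass
class Principal:
    """Minimal authenticated identity; an anonymous request has user=None."""
    user: Optional[str]
    roles: Set[str] = field(default_factory=set)


class DeleteRefused(Exception):
    """Raised for any request the handler declines to act on."""


def _resolve_inside(root: str, requested: str) -> str:
    """Resolve `requested` against `root` and prove the result stays inside.

    realpath() follows symlinks and collapses '..', so the comparison is made
    on the final filesystem location rather than on the string the client
    sent. commonpath() avoids the '/root' vs '/root2' prefix mistake that a
    plain startswith() check would make.
    """
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, requested))
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise DeleteRefused("path escapes content root: %r" % requested)
    if candidate == root_real:
        raise DeleteRefused("refusing to delete the content root itself")
    return candidate


def is_confined(root: str, requested: str) -> bool:
    """True when `requested` resolves to a location strictly under `root`."""
    try:
        _resolve_inside(root, requested)
        return True
    except DeleteRefused:
        return False


def delete_path(root: str, requested: str, principal: Principal) -> str:
    """Delete a file or folder under `root` on behalf of `principal`.

    Returns the deleted absolute path; raises DeleteRefused when the caller is
    unauthenticated, lacks the role, or names a location outside `root`.
    """
    # AC-3: enforce authorization before any filesystem work happens.
    if principal.user is None:
        raise DeleteRefused("authentication required")
    if "content_admin" not in principal.roles:
        raise DeleteRefused("%s lacks content_admin" % principal.user)
    # AC-6: even an authorized caller is limited to the content root.
    target = _resolve_inside(root, requested)
    if os.path.isdir(target) and not os.path.islink(target):
        shutil.rmtree(target)
    else:
        os.unlink(target)  # a symlink is removed, never followed
    return target


def demo() -> dict:
    """Build a throwaway content root and exercise the checks (constructed data)."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "uploads")
        os.makedirs(os.path.join(root, "img"))
        open(os.path.join(root, "img", "a.png"), "w").close()
        # A config file outside the content root that must never be deletable.
        secret = os.path.join(tmp, "application.yml")
        open(secret, "w").close()
        admin = Principal("alice", {"content_admin"})
        anon = Principal(None)
        for label, who, path in [
            ("anon", anon, "img/a.png"),            # no authentication
            ("traversal", admin, "../application.yml"),  # '..' escape
            ("absolute", admin, secret),            # absolute path escape
            ("root", admin, "."),                   # the root itself
        ]:
            try:
                delete_path(root, path, who)
                results[label] = "deleted"
            except DeleteRefused:
                results[label] = "refused"
        results["secret_survives"] = os.path.exists(secret)
        delete_path(root, "img/a.png", admin)       # the one legitimate request
        results["legit"] = not os.path.exists(os.path.join(root, "img", "a.png"))
    return results


if __name__ == "__main__":
    print(demo())
```

The order of the checks matters: authorization is decided before the path is even resolved, so an anonymous request never reaches the filesystem, and the confinement check is applied to the real resolved location so that `..`, absolute paths and symlinks are all judged by where they actually land.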

Advisories providing further details, including potential mitigation guidance, are available at the referenced Notion pages: https://locrian-lightning-dc7.notion.site/File-Delete-1628e5e2b1a280cfb497de7b8bcff128.

Details

CWE(s): CWE-552 Files or Directories Accessible to External Parties

Affected Products: 1000mz chestnutcms ≤ 1.5.0

CVEs Like This One

CVE-2025-2031 – Same product: 1000Mz Chestnutcms
CVE-2025-2917 – Same product: 1000Mz Chestnutcms
CVE-2024-57450 – Same product: 1000Mz Chestnutcms
CVE-2024-57451 – Same product: 1000Mz Chestnutcms
CVE-2025-70073 – Same product: 1000Mz Chestnutcms
CVE-2024-56828 – Same product: 1000Mz Chestnutcms
CVE-2025-37168 – Shared CWE-552
CVE-2025-69990 – Shared CWE-552
CVE-2025-25759 – Shared CWE-552
CVE-2020-37082 – Shared CWE-552

References

https://locrian-lightning-dc7.notion.site/File-Delete-1628e5e2b1a280cfb497de7b8bcff128 (advisory cited in the deeper analysis above)