Cyber Resilience

CVE-2024-57609

HighRCE

Published: 06 February 2025

Published
06 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
EPSS Score 0.0952 93.0th percentile
Risk Priority 23 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-57609 is a high-severity Code Injection (CWE-94) vulnerability. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 7.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-57609 affects Kanaries Inc Pygwalker versions prior to 0.4.9.9. The flaw resides in the login redirection function, where the redirect_path parameter permits code injection (CWE-94). Unauthenticated remote attackers can leverage it to obtain sensitive information and execute arbitrary code, consistent with the CVSS 8.6 rating reflecting network attack vector, low complexity, and impacts on confidentiality, integrity, and availability.

An attacker needs only network access and can supply a malicious redirect_path value to trigger the injection without authentication or user interaction. Successful exploitation yields sensitive data exposure and the ability to run attacker-controlled code on the affected server.

The provided reference points to a GitHub repository containing further technical details on the issue. Upgrading to Pygwalker 0.4.9.9 or later eliminates the vulnerable redirect handling. The associated EPSS score has remained near 0.1 with only minor fluctuation between its current and peak values.

EU & UK References

Vulnerability details

An issue in Kanaries Inc Pygwalker before v.0.4.9.9 allows a remote attacker to obtain sensitive information and execute arbitrary code via the redirect_path parameter of the login redirection function.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.006 Python Execution
Adversaries may abuse Python commands and scripts for execution.
Why these techniques?

CWE-94 code injection in network-exposed login redirect enables remote arbitrary code execution (T1190) via Python (T1059.006).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-53890Shared CWE-94
CVE-2026-31220Shared CWE-94
CVE-2026-31231Shared CWE-94
CVE-2025-54550Shared CWE-94
CVE-2026-26216Shared CWE-94
CVE-2026-39891Shared CWE-94
CVE-2026-7466Shared CWE-94
CVE-2026-44334Shared CWE-94
CVE-2026-44887Shared CWE-94
CVE-2026-31225Shared CWE-94

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the insufficient sanitization of the redirect_path parameter by requiring validation of all information inputs to prevent code injection.

prevent

Addresses the vulnerability by requiring timely flaw remediation through upgrading Pygwalker to version 0.4.9.9 or later where the issue is fixed.

prevent

Provides additional protection by restricting the redirect_path parameter to approved safe values, limiting opportunities for code injection.

References