CVE-2024-57968
Published: 03 February 2025
Summary
CVE-2024-57968 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Advantive VeraCore. Its CVSS base score is 9.9 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 2.5% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
Advantive VeraCore versions prior to 2024.4.2.1 contain an unrestricted file upload flaw tracked as CVE-2024-57968 and CWE-434. The upload.aspx endpoint permits remote authenticated users to place files into arbitrary directories instead of restricting them to intended locations, including folders that are subsequently reachable via web requests from other users. The issue carries a CVSS 3.1 score of 9.9, reflecting network attack vector, low complexity, low privileges required, and changed scope with high impact on confidentiality, integrity, and availability.
Authenticated attackers can therefore upload arbitrary content, including web shells or other malicious files, into locations that become accessible to additional users or processes. Successful exploitation can lead to full compromise of the affected VeraCore instance and any data it processes.
The vendor addressed the issue in VeraCore release 2024.4.2.1, as documented in the corresponding release notes. The vulnerability is also listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Public reporting links the flaw to operations by the Xe Group, which has leveraged similar zero-day uploads for credit-card skimming and further access. The associated EPSS score has reached a peak of 0.4425 with a current value of 0.4106, indicating sustained exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-53868
Vulnerability details
Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.
- CWE(s): CWE-434
- KEV Date Added: 10 March 2025
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The file upload vulnerability (CVE-2024-57968) in VeraCore's upload.aspx enables remote authenticated users to place arbitrary files, such as webshells, in web-accessible directories, facilitating public-facing application exploitation (T1190), web shell deployment for persistence/execution (T1505.003), and malware staging via upload (T1608.001).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
AC-3 enforces approved authorizations for access to system resources like file directories, directly preventing authenticated users from uploading to unintended folders.
SI-10 validates information inputs such as upload paths and filenames, blocking attempts to target unauthorized or browsable directories via upload.aspx.
AC-6 applies least privilege to restrict low-privileged authenticated users from accessing or writing to sensitive browsable folders.
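One way an upload handler can apply the SI-10 and AC-3 controls described above, shown as an added example that is not VeraCore's code and not part of the original advisory. The storage root, the extension allow-list and the names safe_upload_path and UploadRejected are assumptions made for illustration.

```python
from pathlib import Path, PurePosixPath, PureWindowsPath

# Assumed values for illustration; neither comes from the advisory.
UPLOAD_ROOT = Path("/srv/app-data/uploads")    # outside any web-served directory
ALLOWED_EXT = {".pdf", ".png", ".jpg", ".csv"}  # allow-list, not a deny-list


class UploadRejected(ValueError):
    """Raised when a client-supplied folder or filename fails validation."""


def safe_upload_path(client_dir: str, client_name: str,
                     root: Path = UPLOAD_ROOT) -> Path:
    """Map a client-supplied folder and filename to a path confined to root."""
    name = client_name
    if any(ord(c) < 32 for c in client_dir + client_name):
        raise UploadRejected("control characters in input")
    # Filename must be a bare name under both POSIX and Windows parsing.
    if (not name or name != PurePosixPath(name).name
            or name != PureWindowsPath(name).name):
        raise UploadRejected("filename contains path components")
    # Trailing dot/space and ':' are normalised or specially parsed by Windows.
    if name[-1] in ". " or ":" in name:
        raise UploadRejected("filename has characters Windows rewrites")
    if PurePosixPath(name).suffix.lower() not in ALLOWED_EXT:
        raise UploadRejected("file type not on the allow-list")

    # Folder must be relative; treat both separator styles the same.
    rel = client_dir.replace("\\", "/")
    if rel.startswith("/") or ":" in rel:
        raise UploadRejected("folder must be relative to the upload root")

    # Canonicalise, then check containment on the resolved path so that
    # '..' segments and symlinks cannot move the write outside root.
    base = root.resolve()
    dest = (base / rel / name).resolve()
    if base not in dest.parents:
        raise UploadRejected("destination escapes the upload root")
    return dest
```

The containment check runs on the resolved path, not on the raw string, so it still holds when the folder value passes the simple prefix checks but normalises to a location outside the root.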