Cyber Resilience

CVE-2024-58279

High · Public PoC

Published: 10 December 2025
Modified: 19 December 2025
KEV Added: not listed
Patch: none listed
CVSS Score v4: 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0062 (70.4th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-58279 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in appRain CMF (vendor: Apprain). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 29.6% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-58279 is an authenticated remote code execution vulnerability in appRain CMF 4.0.5. The flaw resides in the filemanager upload endpoint, which permits administrative users to upload malicious PHP files directly to the site's uploads directory, bypassing restrictions on dangerous file types (CWE-434). This issue carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), highlighting its high severity due to network accessibility and low privilege requirements.

Attackers with valid administrative credentials can exploit the vulnerability by crafting and uploading a malicious PHP file through the filemanager endpoint. Successful exploitation allows them to establish a web shell in the uploads directory, granting remote command execution on the server. This enables full compromise of the affected system, including data exfiltration, persistence, or further lateral movement.

The issue is documented in the VulnCheck advisory on apprain-cmf authenticated RCE via filemanager upload and in an Exploit-DB entry (52041) that includes proof-of-concept exploit code. The appRain project site and the GitHub archive for v4.0.5 provide additional context on the vulnerable version, though no specific patches or mitigations are detailed in the available information.

Vulnerability details

appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell with command execution capabilities by uploading a crafted PHP file to the site's uploads directory.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Authenticated RCE via unrestricted file upload in a public-facing web app (T1190) directly facilitates deployment of a PHP web shell for remote command execution (T1505.003).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-46384 · Shared CWE-434
CVE-2025-13516 · Shared CWE-434
CVE-2024-13011 · Shared CWE-434
CVE-2025-8323 · Shared CWE-434
CVE-2025-21624 · Shared CWE-434
CVE-2026-35164 · Shared CWE-434
CVE-2026-2097 · Shared CWE-434
CVE-2025-12154 · Shared CWE-434
CVE-2026-42748 · Shared CWE-434
CVE-2025-32957 · Shared CWE-434

Affected Assets

apprain
apprain
4.0.5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent: Directly remediates the flaw in the filemanager upload endpoint of appRain CMF 4.0.5 that permits unrestricted uploading of malicious PHP files leading to RCE.

prevent: Implements input validation mechanisms at the filemanager upload endpoint to detect and reject malicious PHP files, preventing exploitation of the unrestricted file upload vulnerability.

prevent: Enforces secure web server configuration settings to disable PHP execution in the uploads directory, blocking RCE even if malicious files are uploaded.
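
The input-validation and uploads-directory controls above can be verified by auditing what already sits in the uploads tree. The following is an added example, not code from appRain or the referenced advisories; the extension list, override file names, function names and sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Extensions commonly routed to the PHP handler (assumption: typical Apache/nginx configs).
PHP_EXTS = {".php", ".phtml", ".phar", ".pht", ".php3", ".php4", ".php5", ".php7"}
# Per-directory override files that can re-enable execution inside an uploads tree.
OVERRIDE_NAMES = {".htaccess", ".user.ini"}
PHP_OPEN_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)

def classify_upload(path, sniff_bytes=65536):
    """Return the reasons a file should not sit in a web-served uploads directory."""
    name = Path(path).name.lower()
    reasons = []
    if name in OVERRIDE_NAMES:
        reasons.append("handler-override")
    # Test every dot-separated segment so avatar.php.jpg and REPORT.PHTML are caught.
    if {"." + seg for seg in name.split(".")[1:]} & PHP_EXTS:
        reasons.append("php-extension")
    with open(path, "rb") as fh:
        if PHP_OPEN_TAG.search(fh.read(sniff_bytes)):
            reasons.append("php-open-tag")
    return reasons

def audit_uploads(root):
    """Walk root recursively and return {relative_path: reasons} for suspect files."""
    findings = {}
    for p in Path(root).rglob("*"):
        if p.is_file() and (reasons := classify_upload(p)):
            findings[p.relative_to(root).as_posix()] = reasons
    return findings

def demo():
    """Audit a constructed sample tree standing in for an uploads directory."""
    samples = {  # constructed placeholders, no real payloads
        "logo.png": b"\x89PNG\r\n\x1a\n constructed image bytes",
        "avatar.php.jpg": b"constructed placeholder",
        "img/banner.gif": b"GIF89a <?php /* constructed marker only */ ?>",
        "report.PHTML": b"constructed placeholder",
        ".htaccess": b"# constructed placeholder",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            (Path(root) / rel).parent.mkdir(parents=True, exist_ok=True)
            (Path(root) / rel).write_bytes(data)
        return audit_uploads(root)

if __name__ == "__main__":
    print(demo())
```

Pointing `audit_uploads` at the real uploads path (site-specific, not given on this page) turns the same checks into a recurring integrity job; any finding means either the upload validation or the no-execute configuration needs review.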
