Cyber Resilience

CVE-2025-24337

High

Published: 20 January 2025

Published
20 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0006 17.6th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24337 is a high-severity Improper Preservation of Permissions (CWE-281) vulnerability in Raphus (inferred from references). Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials In Files (T1552.001); ranked at the 17.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-24337 is a vulnerability in WriteFreely through version 0.15.1 when MySQL is used as the database backend. It allows local users to discover credentials by reading the config.ini file. The issue carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-281.

A local attacker requires access to the host system but no privileges or user interaction to exploit the vulnerability. By reading the config.ini file, the attacker can obtain sensitive credentials, enabling high-impact effects on confidentiality, integrity, and availability as scored by CVSS.

Advisories and patches are detailed in the WriteFreely release notes for v0.15.1 at https://github.com/writefreely/writefreely/releases/tag/v0.15.1, an announcement at https://raphus.social/@TV4Fun/113846757112643161, and the OSS-security mailing list post at https://www.openwall.com/lists/oss-security/2025/01/18/1.

EU & UK References

Vulnerability details

WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

The vulnerability directly enables local credential discovery by allowing unauthenticated reading of sensitive credentials stored in the config.ini file.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-56192Shared CWE-281
CVE-2026-35385Shared CWE-281
CVE-2025-30456Shared CWE-281
CVE-2024-56973Shared CWE-281
CVE-2024-56191Shared CWE-281
CVE-2024-54818Shared CWE-281
CVE-2025-25711Shared CWE-281
CVE-2024-54879Shared CWE-281
CVE-2025-30449Shared CWE-281
CVE-2026-24194Shared CWE-281

Affected Assets

Raphus
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Employs least privilege to restrict unprivileged local users from reading sensitive config.ini files containing MySQL credentials.

prevent

Enforces approved logical access authorizations to system resources like config.ini, preventing local unauthorized reads of credentials.

prevent

Mandates secure configuration settings including restrictive file permissions on config.ini to protect embedded database credentials from local access.

References