
CVE-2025-24372

Severity: High
Published: 05 February 2025
Modified: 15 April 2026
KEV: not listed
Patch: available (CKAN 2.10.7 / 2.11.2)
CVSS v3.1: 7.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)
EPSS: 0.0022 (44.5th percentile)
Risk Priority: 15 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-24372 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.3 (High).

Operationally, this page maps exploitation to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its EPSS score places it at the 44.5th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-24372 is a vulnerability in CKAN, an open-source data management system used for powering data hubs and portals. A registered user can upload a specially crafted file containing code that, when the file is opened, executes and sends arbitrary requests to the CKAN server. Consistent with the CWE-79 (Cross-site Scripting) classification, that code runs in the browser of whoever opens the file; if an administrator opens it, the requests are made with the administrator's authenticated session, which can escalate the privileges of the original submitter or enable other malicious actions. The issue affects CKAN versions prior to 2.10.7 and 2.11.2 and carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N).

A registered user on the CKAN site can exploit this vulnerability over the network by uploading the malicious file. Exploitation requires only low privileges (a registered account) and is low complexity, but it depends on user interaction: an administrator must open the file. Successful execution lets the attacker-controlled code issue arbitrary requests in the administrator's browser context, which can result in high-impact confidentiality and integrity violations such as unauthorized access to sensitive data or modification of site resources. Availability is not affected.

The vulnerability has been fixed in CKAN 2.10.7 and 2.11.2, and users are advised to upgrade. Where an upgrade is not yet possible, site maintainers can reduce exposure by restricting the allowed upload file types with the configuration options `ckan.upload.user.mimetypes` / `ckan.upload.user.types` and `ckan.upload.group.mimetypes` / `ckan.upload.group.types`. File uploads can be disabled entirely with `ckan.upload.user.types = none`. Note that restricting types is a mitigation, not a fix: only the patched releases remove the underlying flaw. Additional details are available in the CKAN documentation and the fixing commit at https://github.com/ckan/ckan/commit/7da6a26c6183e0a97a356d1b1d2407f3ecc7b9c8.
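The two checks a maintainer actually needs from the paragraph above, as an added example that is not CKAN project code and not part of the original advisory: a version-range test that covers every release line (not only the two fixed versions named), and an audit of the `ckan.upload.*` options in a `ckan.ini`. The sample `ckan.ini` fragments are constructed for this example, and the list of "script-capable" MIME types is this example's own assumption about what a browser will render as markup, not a list defined by CKAN.

```python
"""
Added example for CVE-2025-24372 (not CKAN project code).

  1. is_affected(version): is a CKAN version string inside the advisory's
     affected range (anything before 2.10.7, or 2.11.0 / 2.11.1)?
  2. audit_upload_config(ini_text): what do the ckan.upload.* options named
     in the advisory actually allow in a given ckan.ini?
"""
import configparser
import re

FIXED_2_10 = (2, 10, 7)   # first fixed release on the 2.10 line
FIXED_2_11 = (2, 11, 2)   # first fixed release on the 2.11 line

# Assumption of this example (not from CKAN): MIME types a browser renders as
# markup and therefore executes embedded script from, which is what a
# CWE-79 payload needs to run when an administrator opens the file.
SCRIPT_CAPABLE_MIMETYPES = {
    "text/html",
    "application/xhtml+xml",
    "image/svg+xml",
    "text/xml",
    "application/xml",
}

# The four options the advisory names as the mitigation knobs.
UPLOAD_OPTIONS = (
    "ckan.upload.user.types",
    "ckan.upload.user.mimetypes",
    "ckan.upload.group.types",
    "ckan.upload.group.mimetypes",
)


def parse_version(version: str) -> tuple:
    """Turn '2.10.7', 'v2.11.2b1' or '2.9' into a comparable (major, minor, patch)."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised CKAN version string: {version!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(version: str) -> bool:
    """True when the advisory's affected range covers this version.

    Affected: every release before 2.10.7, plus 2.11.0 and 2.11.1.
    Fixed: 2.10.7+ on the 2.10 line, 2.11.2+ on the 2.11 line, later lines.
    """
    v = parse_version(version)
    if v[:2] == (2, 11):
        return v < FIXED_2_11
    return v < FIXED_2_10


def audit_upload_config(ini_text: str, section: str = "app:main") -> dict:
    """Report, per upload option, what a ckan.ini sets it to.

    'disabled'       types option is exactly 'none' (uploads switched off)
    'script-capable' mimetypes option allows a type a browser will execute
    'restricted'     option is set to something narrower than that
    'default'        option absent; CKAN's built-in default applies
                     (check the CKAN configuration docs for that value)
    """
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    report = {}
    for opt in UPLOAD_OPTIONS:
        if not cfg.has_option(section, opt):
            report[opt] = "default"
            continue
        values = {v.lower() for v in cfg.get(section, opt).split()}
        if opt.endswith(".types") and values == {"none"}:
            report[opt] = "disabled"
        elif opt.endswith(".mimetypes") and values & SCRIPT_CAPABLE_MIMETYPES:
            report[opt] = "script-capable"
        else:
            report[opt] = "restricted"
    return report


# Constructed ckan.ini fragments for this example (not from any real deployment).
PERMISSIVE_INI = """
[app:main]
ckan.site_url = https://data.example.org
ckan.upload.user.types = image
ckan.upload.user.mimetypes = image/png image/jpeg image/svg+xml
"""

HARDENED_INI = """
[app:main]
ckan.site_url = https://data.example.org
ckan.upload.user.types = none
ckan.upload.group.types = image
ckan.upload.group.mimetypes = image/png image/jpeg
"""

if __name__ == "__main__":
    for ver in ("2.9.11", "2.10.6", "2.10.7", "2.11.1", "2.11.2", "2.12.0"):
        print(f"CKAN {ver}: {'AFFECTED' if is_affected(ver) else 'fixed'}")
    for name, ini in (("permissive", PERMISSIVE_INI), ("hardened", HARDENED_INI)):
        print(f"--- {name} ---")
        for opt, status in audit_upload_config(ini).items():
            print(f"{opt}: {status}")
```

Run it against your own `ckan.ini` by passing the file's text to `audit_upload_config`; a `default` result means the file is silent on that option and you need to confirm CKAN's shipped default rather than assume it is safe. The `image/svg+xml` entry in the permissive sample is deliberate: SVG is an image type that can carry script, so an "images only" policy is not automatically free of script-capable content.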


Vulnerability details

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Using a specially crafted file, a user could potentially upload a file containing code that when executed could send arbitrary requests to the server. If that file was opened by an administrator, it could lead to escalation of privileges of the original submitter or other malicious actions. Users must have been registered to the site to exploit this vulnerability. This vulnerability has been fixed in CKAN 2.10.7 and 2.11.2. Users are advised to upgrade. On versions prior to CKAN 2.10.7 and 2.11.2, site maintainers can restrict the file types supported for uploading using the `ckan.upload.user.mimetypes` / `ckan.upload.user.types` and `ckan.upload.group.mimetypes` / `ckan.upload.group.types` config options. To entirely disable file uploads users can use: `ckan.upload.user.types = none`

CWE(s)

CWE-79: Cross-site Scripting

MITRE ATT&CK Enterprise Techniques (AI-assigned mapping)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The vulnerability description explicitly states that a low-privileged user uploading a crafted file, combined with administrator interaction, leads to privilege escalation, which the mapping treats as exploitation of a software vulnerability for higher privileges. Bear in mind that the weakness is CWE-79: the uploaded code executes in the administrator's browser, not on the server, and the escalation is obtained through the administrator's authenticated session rather than through a local privilege-escalation exploit.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

- CVE-2025-0447 (shared CWE-79)
- CVE-2025-0443 (shared CWE-79)
- CVE-2026-1010 (shared CWE-79)
- CVE-2026-34558 (shared CWE-79)
- CVE-2024-55074 (shared CWE-79)
- CVE-2026-22720 (shared CWE-79)
- CVE-2026-25759 (shared CWE-79)
- CVE-2025-22219 (shared CWE-79)
- CVE-2026-34571 (shared CWE-79)
- CVE-2026-27822 (shared CWE-79)

Affected Assets

CKAN versions prior to 2.10.7 and 2.11.2 (inferred from references and description; NVD did not file a CPE for this CVE).

Mitigating Controls (NIST 800-53 r5, AI-assigned mapping)

- SI-2 (Flaw Remediation), prevent: Directly remediates the vulnerability by upgrading CKAN to 2.10.7 or 2.11.2, the releases that contain the vendor fix.
- prevent: Reduces exposure by restricting which file types can be uploaded using the ckan.upload.user.types / ckan.upload.user.mimetypes (and ckan.upload.group.*) configuration options, as recommended by the vendor.
- CM-6 (Configuration Settings), prevent: Enforces secure configuration settings such as disabling file uploads entirely with ckan.upload.user.types = none, removing the attack vector.
