CVE-2024-25123

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 15, 2024
Updated: Jan 9, 2025
CWE ID 22

Summary

CVE-2024-25123 is a path manipulation vulnerability affecting the Mission Support System (MSS), an open-source package used for planning atmospheric research flights. A method in the `index.py` file is vulnerable: an attacker can manipulate file paths by modifying the `filename` route parameter. If an attacker assigns a value containing `../` to `filename`, they may gain access to other files on the host filesystem, potentially leading to the disclosure of sensitive information. The vulnerability has been addressed in MSS version 8.3.3, and users are advised to upgrade as soon as possible. No known workarounds exist for this issue.
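The bug class described above (CWE-22), shown as an added example that is not MSS code and not the 8.3.3 fix: an unchecked join of a `filename` route parameter beside a containment check that resolves the path before comparing it to the base directory. The function names, sample filenames and directory layout are assumptions made for illustration.

```python
import os
import tempfile

# Constructed sample values for a `filename` route parameter.
SAMPLES = ["about.md", "sub/../about.md", "../secret.txt",
           "sub/../../secret.txt", "/etc/passwd"]

def naive_resolve(base_dir, filename):
    """Vulnerable pattern: the route parameter is joined with no check."""
    return os.path.normpath(os.path.join(base_dir, filename))

def safe_resolve(base_dir, filename):
    """Return the resolved path only if it stays inside base_dir."""
    base = os.path.realpath(base_dir)
    if "\x00" in filename or os.path.isabs(filename):
        raise ValueError("rejected filename")
    # realpath collapses ../ segments and follows symlinks, so the check
    # below sees the location that would actually be opened.
    candidate = os.path.realpath(os.path.join(base, filename))
    # commonpath compares whole components: /srv/docs-old is not treated
    # as inside /srv/docs, which a startswith() check would get wrong.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes base directory")
    return candidate

def demo():
    """Map each sample to (naive path escapes base?, safe_resolve outcome)."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.realpath(os.path.join(root, "docs"))
        os.makedirs(os.path.join(base, "sub"))
        for name in SAMPLES:
            naive = naive_resolve(base, name)
            escapes = os.path.commonpath([base, naive]) != base
            try:
                safe_resolve(base, name)
                outcome = "allowed"
            except ValueError:
                outcome = "rejected"
            results[name] = (escapes, outcome)
    return results

if __name__ == "__main__":
    for name, (escapes, outcome) in demo().items():
        print(f"{name!r:26} naive escapes base: {escapes!s:5} safe: {outcome}")
```

Because the check runs on the resolved path, a symlink inside the base directory that points outside it is rejected as well.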
