CVSS 3.1 Score 7.2 of 10 (high)


Published Mar 13, 2024


CVE-2024-25155 is a vulnerability found in FileCatalyst Direct versions 3.8.8 and earlier, through 3.8.6, where the web server fails to properly sanitize illegal characters in a URL, leading to the execution of arbitrary code within an HTML script tag on a subsequent error page. This vulnerability, categorized as CWE-79 (Improper Neutralization of Input During Web Page Generation - Cross-site Scripting), has a high base severity rating of 7.2 according to the CVSS score. The potential danger to an organization includes the risk of unauthorized code execution and potential exploitation by malicious actors. To remediate this vulnerability, organizations should update FileCatalyst Direct to version 3.8.9 or later, which addresses the issue and enhances web server security measures.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-25155 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options