CVE-2024-25291

CRITICAL

Deskfiler <1.2.3 - RCE

Title source: llm

Description

Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin.

Exploits (1)

nomisec WORKING POC
by EQSTLab · poc
https://github.com/EQSTLab/CVE-2024-25291

References (1)

Scores

CVSS v3 9.8
EPSS 0.1582
EPSS Percentile 94.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (1)
deskfiler/deskfiler 1.2.3
Published Feb 29, 2024
Tracked Since Feb 18, 2026