CVE-2024-25293

CRITICAL

mjml-app <3.1.0-beta - RCE

Title source: llm

Description

mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute.

Exploits (1)

nomisec WORKING POC
by EQSTLab · poc
https://github.com/EQSTLab/CVE-2024-25293

References (1)

Scores

CVSS v3 9.3
EPSS 0.1993
EPSS Percentile 95.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (2)
mjml/mjml_app 3.0.4
mjml/mjml_app 3.1.0 beta
Published Mar 01, 2024
Tracked Since Feb 18, 2026