CVE-2024-31839

MEDIUM EXPLOITED NUCLEI

tiagorlampert CHAOS 5.0.1 - Cross-Site Scripting via sendCommandHandler

Title source: llm

Exploitation Summary

CVE-2024-31839 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including h00die, chebuya, including a Metasploit module exploits/linux/http/chaos_rat_xss_to_rce. A Nuclei detection template is also available.

AI-analyzed exploit summary This Metasploit module exploits CVE-2024-30850 in Chaos RAT v5.0.8, chaining an XSS vulnerability (CVE-2024-31839) with RCE via command injection in the executable generation feature. It supports multiple attack paths including direct authentication, JWT token misuse, and agent binary extraction.

Description

Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component.

Exploits (1)

metasploit WORKING POC EXCELLENT

by h00die, chebuya · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/chaos_rat_xss_to_rce.rb

View Code ZIP pw:eip

This Metasploit module exploits CVE-2024-30850 in Chaos RAT v5.0.8, chaining an XSS vulnerability (CVE-2024-31839) with RCE via command injection in the executable generation feature. It supports multiple attack paths including direct authentication, JWT token misuse, and agent binary extraction.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Chaos RAT v5.0.8

Auth required

Prerequisites: Valid credentials or JWT token · Network access to target · WebSocket connectivity for XSS path

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1078 - Valid Accounts T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

CHAOS 5.0.1 'sendCommandHandler' - Cross-Site Scripting

MEDIUMVERIFIEDby riteshs4hu

References (2)

Core 2

Core References

Exploit

https://blog.chebuya.com/posts/remote-code-execution-on-chaos-rat-via-spoofed-agents/

Product

https://github.com/tiagorlampert/CHAOS

Scores

CVSS v3 4.8

EPSS 0.8464

EPSS Percentile 99.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

VulnCheck KEV 2025-06-04

CWE

CWE-79

Status published

Products (2)

tiagorlampert/chaos 5.0.1

tiagorlampert/CHAOS 0Go

Published Apr 12, 2024

Tracked Since Feb 18, 2026