CVE-2024-48590

CRITICAL

Inflectra SpiraTeam 7.2.00 - Server-Side Request Forgery via NewsReaderService

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-48590. PoCs published by GCatt-AS.

AI-analyzed exploit summary: This repository contains a writeup detailing an SSRF vulnerability in Inflectra SpiraTeam 7.2.00 via the NewsReaderService component. It describes the vulnerability, impacts, and references but does not include exploit code.

Description

Inflectra SpiraTeam 7.2.00 is vulnerable to Server-Side Request Forgery (SSRF) via the NewsReaderService. This allows an attacker to escalate privileges and obtain sensitive information.

Exploits (1)

nomisec WRITEUP
by GCatt-AS · poc
https://github.com/GCatt-AS/CVE-2024-48590

Classification: Writeup 90%
Attack Type: SSRF
Complexity: Moderate
Reliability: Theoretical
Target: Inflectra SpiraTeam 7.2.00
No auth needed
Prerequisites: Access to the NewsReaderService endpoint
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 9.8
EPSS: 0.0066
EPSS Percentile: 46.7%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total

Details

CWE: CWE-918
Status: published
Products (1): inflectra/spirateam 7.2.00
Published: Mar 20, 2025
Tracked Since: Feb 18, 2026