CVE-2024-53591

CRITICAL

Seclore v3.27.5.0 - Unauthenticated Authentication Bypass via Brute Force Attack

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-53591. PoCs published by aljoharasubaie.

AI-analyzed exploit summary The repository describes an information leakage vulnerability in Seclore v3.27.5.0, where brute-forcing the 'repoCode' parameter in a specific endpoint can enumerate valid domains and internal services. The PoC is a URL-based brute-force technique without additional exploit code.

Description

An issue in the login page of Seclore v3.27.5.0 allows attackers to bypass authentication via a brute force attack.

Exploits (1)

nomisec WRITEUP

by aljoharasubaie · poc

https://github.com/aljoharasubaie/CVE-2024-53591

View Code ZIP pw:eip

The repository describes an information leakage vulnerability in Seclore v3.27.5.0, where brute-forcing the 'repoCode' parameter in a specific endpoint can enumerate valid domains and internal services. The PoC is a URL-based brute-force technique without additional exploit code.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Seclore v3.27.5.0

No auth needed

Prerequisites: Access to the target URL endpoint

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://github.com/aljoharasubaie/CVE-2024-53591

Scores

CVSS v3 9.8

EPSS 0.0054

EPSS Percentile 41.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-862

Status published

Products (1)

seclore/seclore 3.27.5.0

Published Apr 18, 2025

Tracked Since Feb 18, 2026