CVE-2024-55963

MEDIUM EXPLOITED

Appsmith RCE

Title source: metasploit

Exploitation Summary

CVE-2024-55963 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including Nishanth Gaddam, superswan.

AI-analyzed exploit summary This exploit leverages a misconfigured PostgreSQL database in AppSmith versions prior to v1.52 to achieve unauthenticated remote code execution via the COPY FROM PROGRAM command. It automates user signup, login, workspace creation, and payload delivery.

Description

An issue was discovered in Appsmith before 1.51. A user on Appsmith that doesn't have admin permissions can trigger the restart API on Appsmith, causing a server restart. This is still within the Appsmith container, and the impact is limited to Appsmith's own server only, but there is a denial of service because it can be continually restarted. This is due to incorrect access control checks, which should check for super user permissions on the incoming request.

Exploits (2)

exploitdb WORKING POC

by Nishanth Gaddam · pythonwebappsjava

https://www.exploit-db.com/exploits/52118

View Code ZIP pw:eip

This exploit leverages a misconfigured PostgreSQL database in AppSmith versions prior to v1.52 to achieve unauthenticated remote code execution via the COPY FROM PROGRAM command. It automates user signup, login, workspace creation, and payload delivery.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: AppSmith < v1.52

No auth needed

Prerequisites: Network access to the target AppSmith instance · PostgreSQL COPY FROM PROGRAM command enabled

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by superswan · remote-auth

https://github.com/superswan/CVE-2024-55963

View Code ZIP pw:eip

This exploit leverages CVE-2024-55963 to achieve remote code execution (RCE) in Appsmith by creating a PostgreSQL datasource and executing arbitrary commands via a crafted SQL function. It handles authentication, workspace setup, and environment configuration to exploit the vulnerability.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Appsmith (version not specified)

Auth required

Prerequisites: Valid credentials or ability to register a user · PostgreSQL plugin enabled · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory

https://github.com/appsmithorg/appsmith/security/advisories/GHSA-6mc8-hw5c-7qqr

Scores

CVSS v3 6.5

EPSS 0.2490

EPSS Percentile 97.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

VulnCheck KEV 2025-12-15

CWE

CWE-284

Status published

Products (1)

appsmith/appsmith < 1.51

Published Mar 26, 2025

Tracked Since Feb 18, 2026