CVE-2024-55964

CRITICAL

Appsmith < 1.52 - Code Injection

Title source: rule

Description

An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that datasource, and execute that query.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Whit Taylor (Rhino Security Labs), Takahiro Yokoyama · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/appsmith_rce_cve_2024_55964.rb

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://github.com/appsmithorg/appsmith/security/advisories/GHSA-m95x-4w54-gc83

Scores

CVSS v3 9.8

EPSS 0.6734

EPSS Percentile 98.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-94

Status published

Products (1)

appsmith/appsmith < 1.52

Published Mar 26, 2025

Tracked Since Feb 18, 2026