CVE-2024-48818

Critical

Published: 25 March 2025

Published

25 March 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0207 84.0th percentile

Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Security Summary

CVE-2024-48818 is a critical code injection vulnerability (CWE-94) affecting Bodhitree of cs101, a component developed by IIT Bombay, Mumbai, India. The flaw allows a remote attacker to execute arbitrary code on the affected system. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, low attack complexity, lack of required privileges or user interaction, and significant impacts on confidentiality, integrity, and availability.

Any unauthenticated attacker with network access to the vulnerable Bodhitree of cs101 instance can exploit this vulnerability. Exploitation requires no privileges or user interaction, enabling remote arbitrary code execution that could lead to full system compromise, data theft, modification, or disruption.

Advisories and details are available via PacketStorm at https://packetstorm.news/files/id/183309.

Details

CWE(s): CWE-94

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Remote unauthenticated code injection leading to arbitrary code execution on a network-accessible component directly enables exploitation of public-facing applications for initial access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://packetstorm.news/files/id/183309
cve@mitre.org
https://packetstorm.news/files/id/183309
134c704f-9b21-4f2e-91b3-4a467353bcc0