Cyber Posture

CVE-2024-55511

High

Published: 16 January 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0061 (69.9th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Description

A null pointer dereference vulnerability in Macrium Reflect prior to 8.1.8017 allows a local attacker to cause a system crash or potentially elevate their privileges via executing a specially crafted executable.

Security Summary

CVE-2024-55511 is a null pointer dereference vulnerability (CWE-476) in Macrium Reflect versions prior to 8.1.8017. Published on 2025-01-16, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The flaw arises from improper handling of a null pointer when executing a specially crafted executable.

A local attacker with low privileges can exploit this vulnerability by running the crafted executable on a vulnerable system. Exploitation has low attack complexity and requires no user interaction beyond running the executable. It can lead to denial of service through a system crash or to privilege escalation, with high impact on confidentiality, integrity, and availability.

Macrium Reflect addresses this issue in version 8.1.8017, as detailed in the vendor's update notes at https://updates.macrium.com/reflect/v8/v8.1.8017/details8.1.8017.htm. Further technical analysis and resources are available at https://github.com/nikosecurity/CVE-2024-55511.

Details

CWE(s)
CWE-476
