Cyber Posture

CVE-2024-55959

Critical

Published: 21 January 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0012 (30.1th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Description

Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions.

Security Summary

CVE-2024-55959 is an insecure permissions vulnerability (CWE-276) in Northern.tech Mender Client versions 4.x before 4.0.5. Published on January 21, 2025, it carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), highlighting its critical severity due to high impacts on confidentiality and integrity.

Per the CVSS vector, the vulnerability is exploitable over the network with low attack complexity and requires neither privileges nor user interaction. Successful exploitation enables high-level unauthorized access to sensitive data and modification of system integrity, without affecting availability.

Mitigation details are available in advisories at https://Northern.tech and https://mender.io/blog/cve-2024-55959, which address the insecure permissions issue resolved in Mender Client 4.0.5 and later versions. Security practitioners should prioritize upgrading affected clients to patched releases.

Details

CWE(s)
CWE-276

References