CVE-2024-25123

Summary

CVE-2024-25123 is a path manipulation vulnerability affecting the Mission Support System (MSS), an open-source package for planning atmospheric research flights. In the `index.py` file, a method is vulnerable to this issue, allowing an attacker to acquire sensitive information by modifying file paths. The `filename` variable, which is part of a route parameter, can contain path type values, including slashes, enabling an attacker to manipulate the file being read and possibly gain access to other files on the host filesystem. The vulnerability has been addressed in MSS version 8.3.3, and users are advised to upgrade as soon as possible. At present, there are no known workarounds for this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.