vulnerability
Cleo VLTrader: CVE-2024-50623: Unauthenticated Remote Execution
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Dec 3, 2024 | Dec 23, 2024 | Nov 21, 2025 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Dec 3, 2024
Added
Dec 23, 2024
Modified
Nov 21, 2025
Description
In Cleo VLTrader, prior version 5.8.0.21, there is an unrestricted file upload and download vulnerability that could lead to remote execution.
Solution
cleo-vltrader-upgrade-cve-2024-50623-remote
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.