vulnerability
Cleo VLTrader: CVE-2024-50623: Unauthenticated Remote Execution
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Dec 3, 2024 | Dec 10, 2024 | Apr 9, 2025 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Dec 3, 2024
Added
Dec 10, 2024
Modified
Apr 9, 2025
Description
In Cleo VLTrader, prior version 5.8.0.21, there is an unrestricted file upload and download vulnerability that could lead to remote execution.
Solution
cleo-vltrader-upgrade-cve-2024-50623
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.