Vulnerability Report

CVE-2024-55963

Title: Appsmith Auth Bypass

DoS

Proof Of Concept

PoC Available for CVE-2024-55963

CWE Category CWE-284

Published Date Mar 26, 2025

Modified Date Apr 01, 2025

Exploit Status Available

Score 6.5 CVSS v3.1

Exploit Probability (EPSS)

25.01%

Vulnerability Summary

CVE-2024-55963: An issue was discovered in Appsmith before 1.51. A user on Appsmith that doesn't have admin permissions can trigger the restart API on Appsmith, causing a server restart. This is still within the Appsmith container, and the impact is limited to Appsmith's own server only, but there is a denial of service because it can be continually restarted. This is due to incorrect access control checks, which should check for super user permissions on the incoming request.

Impacted Vendors

appsmith 1

Reference Links

https://github.com/appsmithorg/appsmith/security/advisories/GHSA-6mc8-hw5c-7qqr

CVSS v3.1

Source Entity 134c704f-9b21-4f2e-91b3-4a467353bcc0

Severity MEDIUM

6.5

Attack Vector

NETWORK

Complexity

LOW

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2024-55963 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/52118

View Code

April 01, 2025 MODIFIED

Vulnerability data or affected products updated.

April 01, 2025 MODIFIED

Vulnerability data updated via NVD.

March 26, 2025 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector NETWORK

Complexity LOW

Privileges N/A

Interaction NONE

CVSS Vector String


                                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Stack

No specific products linked.