How to fix CVE-2024-32641?

Within 24 hours: identify all systems running Masa CMS and determine installed versions (7.2.x, 7.3.x, or 7.4.x prior to patched versions). Within 7 days: apply vendor patches (upgrade to versions 7.2.8, 7.3.13, or 7.4.6) or take affected systems offline. Within 30 days: conduct incident response assessment to determine if systems were compromised during exposure window, review access logs, and implement post-incident security controls.

Is Masacms affected by CVE-2024-32641?

Masa CMS installations are vulnerable to unauthenticated remote code execution, allowing attackers to take complete control of affected systems without user interaction.

CVE-2024-32641

EUVD-2024-30443 CRITICAL

2025-12-03 [email protected]

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 15, 2026 - 16:14 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 16:14 euvd

EUVD-2024-30443

Patch Released

Mar 15, 2026 - 16:14 nvd

Patch available

PoC Detected

Dec 05, 2025 - 14:47 vuln.today

Public exploit code

CVE Published

Dec 03, 2025 - 17:15 nvd

CRITICAL 9.8

Description

Masa CMS is an open source Enterprise Content Management platform. Masa CMS versions prior to 7.2.8, 7.3.13, and 7.4.6 are vulnerable to remote code execution. The vulnerability exists in the addParam function, which accepts user input via the criteria parameter. This input is subsequently evaluated by setDynamicContent, allowing an unauthenticated attacker to execute arbitrary code via the m tag. The vulnerability is patched in versions 7.2.8, 7.3.13, and 7.4.6.

Analysis

Technical Context

Remote code execution allows an attacker to run arbitrary commands or code on the target system over a network without prior authentication. This vulnerability is classified as Code Injection (CWE-94).

Affected Products

Affected products: Masacms Masacms

Remediation

A vendor patch is available — apply it immediately. Apply vendor patches immediately. Restrict network access to vulnerable services. Implement network segmentation and monitoring for anomalous activity.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +1.0

CVSS: +49

POC: +20

CVE-2024-32641 vulnerability details – vuln.today

Back

CVE-2024-32641

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2024-32641

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code