What is the CVSS score of CVE-2024-58275?

CVE-2024-58275 has a CVSS 4.0 base score of 8.7 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N. EPSS exploitation probability: 1.2%.

Is there a public PoC exploit available for CVE-2024-58275?

Yes, a public proof-of-concept exploit is available for CVE-2024-58275. Prioritise patching immediately. EPSS: 1.2%.

How to fix or mitigate CVE-2024-58275?

Within 24 hours: Identify all systems running Easywall 0.3.1 and assess exposure; disable the /ports-save endpoint if operationally feasible or restrict access via network controls. Within 7 days: Implement WAF rules to block malicious payloads targeting the /ports-save parameter; review authentication logs for suspicious activity. Within 30 days: Plan upgrade to a patched version; conduct forensic analysis for signs of exploitation; implement network segmentation to limit blast radius of compromised systems.

CVE-2024-58275

EUVD-2025-201267 HIGH

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88)

2025-12-04 disclosure@vulncheck.com

Command Injection

8.7

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

8.7 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 16:35 euvd

EUVD-2025-201267

Analysis Generated

Mar 15, 2026 - 16:35 vuln.today

PoC Detected

Dec 08, 2025 - 18:27 vuln.today

Public exploit code

CVE Published

Dec 04, 2025 - 21:16 nvd

HIGH 8.7

DescriptionCVE.org

Easywall 0.3.1 allows authenticated remote command execution via a command injection vulnerability in the /ports-save endpoint that suffers from a parameter injection flaw. Attackers can inject shell metacharacters to execute arbitrary commands on the server.

Analysis

Technical ContextAI

Command injection allows an attacker to execute arbitrary OS commands on the host system through a vulnerable application that passes user input to system shells.

RemediationAI

Avoid passing user input to system commands. Use language-specific APIs instead of shell commands. If unavoidable, use strict input validation and escaping.

CVE-2024-58275 vulnerability details – vuln.today

Back