What is the CVSS score of CVE-2024-58278?

CVE-2024-58278 has a CVSS 4.0 base score of 8.5 (High). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N. EPSS exploitation probability: 0.0%.

Is there a public PoC exploit available for CVE-2024-58278?

Yes, a public proof-of-concept exploit is available for CVE-2024-58278. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2024-58278?

Within 24 hours: Inventory all systems running perl2exe and identify business-critical applications dependent on it. Within 7 days: Restrict local system access to perl2exe installations through file permissions and access controls; disable perl2exe usage where operationally feasible. Within 30 days: Monitor vendor communications for patch availability and establish a deployment plan; conduct security assessment of any suspicious script execution tied to perl2exe processes.

CVE-2024-58278

EUVD-2025-201268 HIGH

OS Command Injection (CWE-78)

2025-12-04 disclosure@vulncheck.com

Authentication Bypass Command Injection RCE

8.5

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

8.5 HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 16:35 euvd

EUVD-2025-201268

Analysis Generated

Mar 15, 2026 - 16:35 vuln.today

PoC Detected

Dec 08, 2025 - 18:27 vuln.today

Public exploit code

CVE Published

Dec 04, 2025 - 21:16 nvd

HIGH 8.5

DescriptionCVE.org

perl2exe <= V30.10C contains an arbitrary code execution vulnerability that allows local authenticated attackers to execute malicious scripts. Attackers can control the 0th argument of packed executables to execute another executable, allowing them to bypass restrictions and gain unauthorized access.

Analysis

Technical ContextAI

Command injection allows an attacker to execute arbitrary OS commands on the host system through a vulnerable application that passes user input to system shells. This vulnerability is classified as OS Command Injection (CWE-78).

RemediationAI

Avoid passing user input to system commands. Use language-specific APIs instead of shell commands. If unavoidable, use strict input validation and escaping.

CVE-2024-58278 vulnerability details – vuln.today

Back