CVE-2024-48905: n/a in n/a
Sematell ReplyOne 7.4.3.0 has Insecure Permissions for the /rest/sessions endpoint.
AI Analysis
Technical Summary
CVE-2024-48905 is a critical security vulnerability identified in Sematell ReplyOne version 7.4.3.0. The vulnerability arises from insecure permissions configured on the /rest/sessions endpoint. This endpoint likely handles session management functionalities such as authentication tokens or session cookies. The insecure permissions imply that unauthorized users can access or manipulate this endpoint without proper authentication or authorization controls. According to the CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), the vulnerability is remotely exploitable over the network without any privileges or user interaction, and it impacts confidentiality and integrity to a high degree, though availability is not affected. The CWE-284 classification indicates an authorization bypass or insufficient access control issue. Exploiting this vulnerability could allow attackers to hijack or manipulate user sessions, leading to unauthorized access to sensitive information or the ability to perform actions on behalf of legitimate users. Although no known exploits are currently reported in the wild, the high CVSS score of 9.1 and the nature of the vulnerability make it a significant risk. No patch links are currently provided, indicating that remediation may require vendor intervention or configuration changes. The vulnerability was reserved in October 2024 and published in May 2025, reflecting recent discovery and disclosure.
Potential Impact
For European organizations using Sematell ReplyOne 7.4.3.0, this vulnerability poses a severe risk to the confidentiality and integrity of their data and user sessions. Attackers exploiting this flaw could gain unauthorized access to sensitive corporate information, customer data, or internal communications, potentially leading to data breaches and compliance violations under GDPR. The ability to manipulate sessions without authentication could also facilitate lateral movement within networks, privilege escalation, or fraudulent transactions. Given the critical severity and remote exploitability, organizations face a high risk of compromise if the vulnerability is not addressed promptly. The impact extends to sectors with high data sensitivity such as finance, healthcare, and government agencies, where session integrity is paramount. Additionally, the lack of availability impact means attackers may remain undetected while persistently exploiting the vulnerability.
Mitigation Recommendations
European organizations should immediately audit their deployment of Sematell ReplyOne to determine if version 7.4.3.0 is in use. In the absence of an official patch, organizations should implement strict network-level access controls to restrict access to the /rest/sessions endpoint, such as IP whitelisting or VPN-only access. Web application firewalls (WAFs) can be configured to detect and block anomalous requests targeting session management endpoints. Monitoring and logging access to this endpoint should be enhanced to detect suspicious activity indicative of exploitation attempts. Organizations should also review and tighten session management policies, including session timeout and token invalidation mechanisms. Engaging with Sematell support for guidance and monitoring for forthcoming patches is critical. Finally, conducting internal penetration testing focusing on session management endpoints can help identify and remediate related weaknesses.
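The mitigation text above recommends restricting the /rest/sessions endpoint to trusted networks and monitoring access to it. The following script is an added example, not code from the OffSeq record or from Sematell: it parses web-server access logs in combined log format and flags every request to /rest/sessions (or a sub-resource such as /rest/sessions/42) whose client address is outside an assumed internal allowlist. The log lines and the 10.0.0.0/8 allowlist are constructed for the example; the real ReplyOne log format and trusted ranges will differ.

```python
"""
Added example (not part of the OffSeq record or Sematell's product): flag requests to the
/rest/sessions endpoint that originate outside an assumed internal allowlist, the kind of
check the mitigation section suggests adding to access-log monitoring.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample lines in combined log format; these are not real ReplyOne logs.
SAMPLE_LOG = """\
10.1.2.3 - - [21/May/2025:09:08:44 +0000] "GET /rest/sessions HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [21/May/2025:09:09:01 +0000] "GET /rest/sessions HTTP/1.1" 200 4096 "-" "curl/8.5.0"
203.0.113.7 - - [21/May/2025:09:09:02 +0000] "DELETE /rest/sessions/42 HTTP/1.1" 204 0 "-" "curl/8.5.0"
10.1.2.3 - - [21/May/2025:09:10:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.9 - - [21/May/2025:09:11:15 +0000] "POST /rest/sessions?lang=de HTTP/1.1" 401 0 "-" "python-requests/2.32"
"""

# Assumed allowlist: networks from which session-management calls are expected (for example
# the corporate LAN or the VPN address pool). Adjust to the real deployment.
ALLOWED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]

# Combined log format: client ip, ident, user, [timestamp], "METHOD path proto", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return a dict with ip/ts/method/path/status, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string before matching
    rec["status"] = int(rec["status"])
    return rec


def is_allowed(ip_text, allowed=ALLOWED_NETWORKS):
    """True if the client address falls inside one of the allowlisted networks."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable address: treat as not allowed
    return any(ip in net for net in allowed)


def targets_sessions(path, prefix="/rest/sessions"):
    """Match the endpoint itself and sub-resources (/rest/sessions/<id>), but not /rest/sessionsx."""
    return path == prefix or path.startswith(prefix + "/")


def find_suspicious(log_text, allowed=ALLOWED_NETWORKS):
    """Records that hit the session endpoint from outside the allowlist, whatever the status code.

    Failed attempts (401/403) are kept on purpose: a burst of them from one source is
    exactly the probing the mitigation text asks operators to watch for.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and targets_sessions(rec["path"]) and not is_allowed(rec["ip"], allowed):
            findings.append(rec)
    return findings


def count_by_ip(findings):
    """Per-source-IP counts, a quick triage list for the SOC."""
    return Counter(rec["ip"] for rec in findings)


if __name__ == "__main__":
    hits = find_suspicious(SAMPLE_LOG)
    for rec in hits:
        print(f'{rec["ts"]} {rec["ip"]} {rec["method"]} {rec["path"]} -> {rec["status"]}')
    print(count_by_ip(hits))
```

On the constructed sample the script reports the two calls from 203.0.113.7 and the rejected POST from 198.51.100.9, and ignores the internal client on 10.1.2.3. In practice the same check belongs in the WAF or reverse-proxy rule set that enforces the allowlist, with this kind of log review serving as the detection layer behind it.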
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-10-09T00:00:00.000Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d981cc4522896dcbda4df
Added to database: 5/21/2025, 9:08:44 AM
Last enriched: 7/3/2025, 8:28:15 AM
Last updated: 7/26/2025, 2:04:36 PM
Related Threats
- CVE-2025-55159: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer in tokio-rs slab (Medium)
- CVE-2025-55161: CWE-918: Server-Side Request Forgery (SSRF) in Stirling-Tools Stirling-PDF (High)
- CVE-2025-25235: CWE-918: Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (High)
- CVE-2025-55151: CWE-918: Server-Side Request Forgery (SSRF) in Stirling-Tools Stirling-PDF (High)
- CVE-2025-55150: CWE-918: Server-Side Request Forgery (SSRF) in Stirling-Tools Stirling-PDF (High)