CVE-2024-57189 is a high-severity vulnerability affecting Erxes versions prior to 1.6.2. The flaw exists in the importHistoriesCreate GraphQL mutation handler, where an authenticated attacker can exploit a path traversal vulnerability to write arbitrary files to the underlying system. Path traversal vulnerabilities allow attackers to manipulate file paths to access or modify files outside the intended directory scope. In this case, the attacker must be authenticated, indicating that some level of access to the Erxes platform is required before exploitation. Once authenticated, the attacker can craft malicious GraphQL mutation requests to traverse directories and write files anywhere on the server's filesystem where the application has write permissions. This could lead to unauthorized file creation or modification, potentially enabling further attacks such as remote code execution, privilege escalation, or persistent backdoors. The vulnerability is specific to the importHistoriesCreate mutation, which likely handles importing historical data or records, and the lack of proper input validation or sanitization of file paths in this handler is the root cause. No CVSS score has been assigned yet, and there are no known exploits in the wild at the time of publication. The vulnerability was reserved in January 2025 and published in June 2025. No patch links are provided, but upgrading to Erxes 1.6.2 or later is implied as a remediation step.

For European organizations using Erxes, especially those leveraging its customer engagement and marketing automation capabilities, this vulnerability poses a significant risk. Successful exploitation could allow attackers to write arbitrary files, potentially leading to remote code execution or persistent compromise of critical systems. This threatens confidentiality, integrity, and availability of data and services. Sensitive customer data managed by Erxes could be exposed or manipulated, damaging trust and violating data protection regulations such as GDPR. The requirement for authentication limits exposure to insiders or attackers who have already compromised user credentials, but insider threats or credential theft remain realistic risks. The ability to write arbitrary files could also facilitate lateral movement within networks, increasing the scope of impact. Disruption of marketing and customer engagement operations could have business continuity implications. Given the high severity and potential for significant operational and reputational damage, European organizations should prioritize addressing this vulnerability promptly.

1. Upgrade Erxes to version 1.6.2 or later where this vulnerability is fixed. 2. If immediate upgrade is not possible, restrict access to the GraphQL API, especially the importHistoriesCreate mutation, to trusted users only and monitor for suspicious activity. 3. Implement strict input validation and sanitization on file path parameters in GraphQL mutations to prevent path traversal. 4. Employ application-layer firewalls or Web Application Firewalls (WAFs) with custom rules to detect and block path traversal attempts targeting the importHistoriesCreate mutation. 5. Conduct regular audits of user accounts and permissions to minimize the risk of credential compromise and insider threats. 6. Monitor logs for unusual file write operations or unexpected changes in the filesystem related to the Erxes application. 7. Isolate the Erxes application environment with least privilege principles to limit the impact of any successful exploitation. 8. Educate users about phishing and credential security to reduce the risk of unauthorized authentication.