CVE-2024-57190 is a critical security vulnerability affecting Erxes versions prior to 1.6.1. The vulnerability arises from incorrect access control mechanisms within the application, specifically related to the handling of the "User" HTTP header. An attacker can exploit this flaw by crafting a request that includes a "User" header containing any arbitrary user identifier. This manipulation allows the attacker to bypass authentication controls and gain unauthorized access to any GraphQL endpoint exposed by the Erxes platform. GraphQL endpoints typically provide flexible and powerful querying capabilities, often exposing sensitive data and operations. By bypassing authentication, an attacker can potentially read, modify, or delete data, execute administrative functions, or perform other malicious actions depending on the privileges associated with the impersonated user. The vulnerability does not require prior authentication or user interaction, making it easier to exploit. Although no known exploits are currently reported in the wild, the critical nature of the flaw and the ease of exploitation make it a significant risk. The lack of a CVSS score suggests that the vulnerability is newly published and may not yet have been fully assessed, but the described impact and attack vector clearly indicate a high-severity issue. The absence of vendor or product details beyond the Erxes version implies that this vulnerability is specific to the Erxes platform, an open-source customer experience and marketing platform that integrates CRM, messaging, and other business tools. Organizations using Erxes versions before 1.6.1 are at risk of unauthorized data access and potential compromise of their customer interaction systems.

For European organizations using Erxes, this vulnerability poses a severe risk to the confidentiality, integrity, and availability of customer data and internal communications. Unauthorized access to GraphQL endpoints could lead to data breaches involving personal data protected under GDPR, resulting in legal penalties and reputational damage. Attackers could manipulate customer records, disrupt marketing campaigns, or gain footholds for further network intrusion. The ability to impersonate any user without authentication increases the risk of privilege escalation and insider threat scenarios. Given that Erxes is used by businesses for customer engagement and CRM, exploitation could disrupt critical business operations and customer trust. The impact is particularly significant for sectors with stringent data protection requirements such as finance, healthcare, and telecommunications. Additionally, the lack of known exploits in the wild does not reduce the urgency, as the vulnerability is straightforward to exploit and could be weaponized rapidly once publicized.

European organizations should immediately assess their use of Erxes and identify any instances running versions prior to 1.6.1. The primary mitigation is to upgrade to Erxes version 1.6.1 or later, where this access control flaw has been addressed. If upgrading is not immediately feasible, organizations should implement strict network-level access controls to restrict access to GraphQL endpoints only to trusted internal IPs or VPN users. Web application firewalls (WAFs) can be configured to detect and block suspicious "User" header manipulations. Additionally, monitoring and logging HTTP headers for anomalous values can help detect exploitation attempts. Organizations should conduct thorough audits of user activity and access logs to identify any unauthorized access. Implementing strong authentication and authorization mechanisms at the application layer, including validation of HTTP headers and tokens, is critical. Finally, organizations should prepare incident response plans specific to this vulnerability and educate their security teams about the risk and detection methods.