Skip to main content

CVE-2024-57190: n/a in n/a

Critical
VulnerabilityCVE-2024-57190cvecve-2024-57190
Published: Tue Jun 10 2025 (06/10/2025, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: n/a
Product: n/a

Description

Erxes <1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to talk to any GraphQL endpoint.

AI-Powered Analysis

AILast updated: 07/11/2025, 23:02:16 UTC

Technical Analysis

CVE-2024-57190 is a critical security vulnerability affecting Erxes versions prior to 1.6.1. The vulnerability arises from incorrect access control mechanisms within the application, specifically related to the handling of the "User" HTTP header. An attacker can exploit this flaw by crafting a request that includes a "User" header containing any arbitrary user identifier. This manipulation allows the attacker to bypass authentication controls and gain unauthorized access to any GraphQL endpoint exposed by the Erxes platform. GraphQL endpoints typically provide flexible and powerful querying capabilities, often exposing sensitive data and operations. By bypassing authentication, an attacker can potentially read, modify, or delete data, execute administrative functions, or perform other malicious actions depending on the privileges associated with the impersonated user. The vulnerability does not require prior authentication or user interaction, making it easier to exploit. Although no known exploits are currently reported in the wild, the critical nature of the flaw and the ease of exploitation make it a significant risk. The lack of a CVSS score suggests that the vulnerability is newly published and may not yet have been fully assessed, but the described impact and attack vector clearly indicate a high-severity issue. The absence of vendor or product details beyond the Erxes version implies that this vulnerability is specific to the Erxes platform, an open-source customer experience and marketing platform that integrates CRM, messaging, and other business tools. Organizations using Erxes versions before 1.6.1 are at risk of unauthorized data access and potential compromise of their customer interaction systems.

Potential Impact

For European organizations using Erxes, this vulnerability poses a severe risk to the confidentiality, integrity, and availability of customer data and internal communications. Unauthorized access to GraphQL endpoints could lead to data breaches involving personal data protected under GDPR, resulting in legal penalties and reputational damage. Attackers could manipulate customer records, disrupt marketing campaigns, or gain footholds for further network intrusion. The ability to impersonate any user without authentication increases the risk of privilege escalation and insider threat scenarios. Given that Erxes is used by businesses for customer engagement and CRM, exploitation could disrupt critical business operations and customer trust. The impact is particularly significant for sectors with stringent data protection requirements such as finance, healthcare, and telecommunications. Additionally, the lack of known exploits in the wild does not reduce the urgency, as the vulnerability is straightforward to exploit and could be weaponized rapidly once publicized.

Mitigation Recommendations

European organizations should immediately assess their use of Erxes and identify any instances running versions prior to 1.6.1. The primary mitigation is to upgrade to Erxes version 1.6.1 or later, where this access control flaw has been addressed. If upgrading is not immediately feasible, organizations should implement strict network-level access controls to restrict access to GraphQL endpoints only to trusted internal IPs or VPN users. Web application firewalls (WAFs) can be configured to detect and block suspicious "User" header manipulations. Additionally, monitoring and logging HTTP headers for anomalous values can help detect exploitation attempts. Organizations should conduct thorough audits of user activity and access logs to identify any unauthorized access. Implementing strong authentication and authorization mechanisms at the application layer, including validation of HTTP headers and tokens, is critical. Finally, organizations should prepare incident response plans specific to this vulnerability and educate their security teams about the risk and detection methods.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2025-01-09T00:00:00.000Z
Cvss Version
null
State
PUBLISHED

Threat ID: 68487f521b0bd07c39389c6c

Added to database: 6/10/2025, 6:54:10 PM

Last enriched: 7/11/2025, 11:02:16 PM

Last updated: 8/17/2025, 1:34:38 PM

Views: 20

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats