CVE-2024-12088

6.5 MEDIUM

📋 TL;DR

A path traversal vulnerability in rsync's --safe-links handling lets a malicious server write files outside the intended destination directory, because the client fails to properly verify nested symbolic links sent by the server. This affects rsync clients that use the --safe-links option against untrusted servers. Users syncing from malicious or compromised servers are at risk.

💻 Affected Systems

Products:
  • rsync
Versions: before 3.3.2
Operating Systems: Linux, Unix-like systems, Windows via ports
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when using the --safe-links option with an untrusted or compromised rsync server.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise via arbitrary file write leading to remote code execution, data theft, or system destruction.

🟠 Likely Case: Unauthorized file writes to sensitive locations, potentially enabling privilege escalation or data manipulation.

🟢 If Mitigated: Limited impact if proper access controls, network segmentation, and trusted server policies are enforced.

🌐 Internet-Facing: MEDIUM - Requires client to connect to malicious server; less likely than server-side vulnerabilities.
🏢 Internal Only: MEDIUM - Internal attackers could exploit if they control rsync servers or compromise trusted servers.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires the client to initiate a sync with a malicious server; no authentication bypass needed on client side.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: rsync 3.3.2 and later

Vendor Advisory: https://access.redhat.com/security/cve/CVE-2024-12088

Restart Required: No

Instructions:

1. Update rsync to version 3.3.2 or later using your package manager.
2. For Red Hat systems, apply the relevant errata: RHSA-2025:2600, RHSA-2025:7050, or RHSA-2025:8385.
3. Verify the update with 'rsync --version'.

🔧 Temporary Workarounds

Disable --safe-links (applies to: all)

Remove the --safe-links option from rsync commands if it is not required, though this reduces security against symlink attacks.

Replace 'rsync --safe-links ...' with 'rsync ...' in scripts/commands.

Use trusted servers only (applies to: all)

Restrict rsync client connections to verified, trusted servers to prevent exploitation.

🧯 If You Can't Patch

  • Implement strict network controls to allow rsync only to trusted internal servers.
  • Monitor rsync logs for unusual file write patterns and audit server integrity regularly.

🔍 How to Verify

Check if Vulnerable:

Run 'rsync --version' and check whether the version is below 3.3.2; also check whether --safe-links is used in any scripts or configurations.

Check Version:

rsync --version | head -1

Verify Fix Applied:

Run 'rsync --version' and confirm the version is 3.3.2 or higher; if possible, test with a known-safe symlink scenario against a server you control.
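The version and option checks above can be scripted. The following POSIX sh script is an added example, not part of this advisory or of the rsync project: it parses the first line of 'rsync --version', compares the version against 3.3.2, and greps scripts for the --safe-links option. The banner format it expects ("rsync  version X.Y.Z  protocol version N") is the one rsync prints today; the function and variable names are this example's own.

```shell
#!/bin/sh
# Added example (not from the advisory): flag an rsync client below 3.3.2
# and locate scripts that pass --safe-links, the option this CVE concerns.

FIXED_VERSION="3.3.2"   # first version carrying the fix, per the advisory

# ver_lt A B: exit 0 when dotted version A is numerically lower than B.
# Only the first three components are compared; missing ones count as 0.
ver_lt() {
    printf '%s\n%s\n' "$1" "$2" | awk -F. '
        NR == 1 { a1 = $1 + 0; a2 = $2 + 0; a3 = $3 + 0 }
        NR == 2 { b1 = $1 + 0; b2 = $2 + 0; b3 = $3 + 0 }
        END {
            if (a1 < b1 || (a1 == b1 && a2 < b2) ||
                (a1 == b1 && a2 == b2 && a3 < b3)) exit 0
            exit 1
        }'
}

# rsync_version_from_banner BANNER: print the version number found in the
# first line of `rsync --version`, e.g. "3.2.7"; prints nothing if absent.
rsync_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^rsync *version \([0-9][0-9.]*\).*/\1/p'
}

# is_vulnerable_banner BANNER: exit 0 when the banner's version is < 3.3.2.
# An unparseable banner is treated as "not confirmed vulnerable" (exit 1).
is_vulnerable_banner() {
    v=$(rsync_version_from_banner "$1")
    [ -n "$v" ] && ver_lt "$v" "$FIXED_VERSION"
}

# uses_safe_links FILE: exit 0 when FILE contains a standalone --safe-links
# token (the option whose handling is affected on unpatched clients).
uses_safe_links() {
    grep -Eq '(^|[[:space:]])--safe-links([[:space:]]|$)' "$1"
}

# check_local_rsync: run on the host being verified. Prints a verdict and
# returns 0 (patched), 1 (vulnerable version) or 2 (rsync not found).
check_local_rsync() {
    banner=$(rsync --version 2>/dev/null | head -1)
    if [ -z "$banner" ]; then
        echo "rsync not found on PATH"
        return 2
    fi
    if is_vulnerable_banner "$banner"; then
        echo "VULNERABLE (< $FIXED_VERSION): $banner"
        return 1
    fi
    echo "OK (>= $FIXED_VERSION): $banner"
    return 0
}

# find_safe_links_usage DIR: list files under DIR that pass --safe-links,
# so their risk can be reviewed even after the client is patched.
find_safe_links_usage() {
    find "$1" -type f 2>/dev/null | while read -r f; do
        uses_safe_links "$f" && echo "$f"
    done
}

# Example invocation when run directly (no output is captured by the test):
# check_local_rsync; find_safe_links_usage /etc/cron.d
```

Run 'check_local_rsync' on each host and 'find_safe_links_usage' over your script directories; a host is only at risk for this CVE if it is both below 3.3.2 and syncs from a server you do not control with --safe-links set.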

📡 Detection & Monitoring

Log Indicators:

  • Unusual file write patterns in rsync logs, especially outside expected directories
  • Errors related to symlink verification in rsync client logs

Network Indicators:

  • Unexpected rsync connections to unknown or external servers
  • Anomalous data transfers via rsync protocol

SIEM Query:

source="rsync" AND (event="write" OR event="symlink") AND path NOT CONTAINS "/expected/directory/"
