CVE-2024-12138

6.3 MEDIUM

📋 TL;DR

A critical deserialization vulnerability in horilla up to version 1.2.1 allows remote attackers to execute arbitrary code by manipulating specific functions. This affects all systems running vulnerable versions of the horilla software, potentially leading to complete system compromise.

💻 Affected Systems

Products:
  • horilla
Versions: up to 1.2.1
Operating Systems: All platforms running horilla
Default Config Vulnerable: ⚠️ Yes
Notes: All installations up to version 1.2.1 are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to full system compromise, data theft, and lateral movement within the network.

🟠 Likely Case: Remote code execution allowing an attacker to gain shell access, install malware, or pivot to other systems.

🟢 If Mitigated: Limited impact if proper network segmentation and least-privilege principles are implemented.

🌐 Internet-Facing: HIGH - Attack can be initiated remotely without authentication.
🏢 Internal Only: MEDIUM - Still vulnerable to internal threats but attack surface is reduced.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code available on GitHub, making exploitation trivial for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Vendor has not responded to disclosure. Consider migrating to alternative software or implementing strict workarounds.

🔧 Temporary Workarounds

Network Isolation (platform: linux)

Restrict network access to horilla instances using firewall rules:

iptables -A INPUT -p tcp --dport [horilla_port] -s [trusted_networks] -j ACCEPT
iptables -A INPUT -p tcp --dport [horilla_port] -j DROP

Application Firewall Rules (platform: all)

Block access to the vulnerable endpoints using a web application firewall:

# WAF rule to block /request_new, /get_employee_shift, /create_reimbursement, /key_result_current_value_update, /create_meetings, /create_skills

🧯 If You Can't Patch

  • Isolate horilla instances in separate network segments with strict firewall rules
  • Implement web application firewall to block malicious requests to vulnerable endpoints

🔍 How to Verify

Check if Vulnerable:

Check the horilla version. If the version is 1.2.1 or earlier, the system is vulnerable.

Check Version:

Check horilla configuration files or admin interface for version information

Verify Fix Applied:

No official fix available. Verify workarounds by testing restricted access to vulnerable endpoints.

📡 Detection & Monitoring

Log Indicators:

  • Unusual requests to /request_new, /get_employee_shift, /create_reimbursement, /key_result_current_value_update, /create_meetings, /create_skills endpoints
  • Suspicious deserialization errors in application logs

Network Indicators:

  • Unusual outbound connections from horilla server
  • Traffic patterns indicating exploitation attempts

SIEM Query:

source="horilla_logs" AND (uri_path="/request_new" OR uri_path="/get_employee_shift" OR uri_path="/create_reimbursement" OR uri_path="/key_result_current_value_update" OR uri_path="/create_meetings" OR uri_path="/create_skills")
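As an added detection example (not part of the original advisory), the script below scans web-server access log lines in the combined log format for requests to the endpoints listed in the log indicators above, mirroring the SIEM query, and tallies hits per source address and server errors on those paths. The log lines are constructed for the example; the regex group names and function names are the example's own.

```python
import re
from collections import Counter

# Endpoints named in the advisory's log indicators and SIEM query.
VULNERABLE_ENDPOINTS = {
    "/request_new", "/get_employee_shift", "/create_reimbursement",
    "/key_result_current_value_update", "/create_meetings", "/create_skills",
}

# Combined log format as written by nginx/Apache by default.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2025:12:00:01 +0000] "GET /login/ HTTP/1.1" 200 512
203.0.113.7 - - [10/Jan/2025:12:00:05 +0000] "POST /request_new/ HTTP/1.1" 500 0
203.0.113.7 - - [10/Jan/2025:12:00:06 +0000] "POST /create_skills?x=1 HTTP/1.1" 500 0
198.51.100.4 - - [10/Jan/2025:12:01:00 +0000] "GET /get_employee_shift HTTP/1.1" 200 1024
this line is malformed and must be skipped, not crash the scanner
""".splitlines()

def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    # Normalise: drop the query string and a trailing slash so /request_new/ == /request_new.
    entry["path"] = entry["path"].split("?", 1)[0].rstrip("/") or "/"
    return entry

def find_suspicious(lines):
    """Return parsed entries whose normalised path is one of the advisory's endpoints."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry and entry["path"] in VULNERABLE_ENDPOINTS:
            hits.append(entry)
    return hits

def hits_per_source(hits):
    """Count matching requests per client IP to surface scanning or repeated attempts."""
    return Counter(h["ip"] for h in hits)

def server_errors(hits):
    """5xx responses on these endpoints are the 'deserialization errors' indicator above."""
    return [h for h in hits if h["status"].startswith("5")]

if __name__ == "__main__":
    found = find_suspicious(SAMPLE_LOG)
    for h in found:
        print(f'{h["ts"]} {h["ip"]} {h["method"]} {h["path"]} -> {h["status"]}')
    print("per source:", dict(hits_per_source(found)))
    print("server errors:", len(server_errors(found)))
```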
