CVE-2024-30205

7.1 HIGH

📋 TL;DR

Org mode in GNU Emacs before 29.3 (and the separately distributed Org mode before 9.6.23) treats the contents of remote files as trusted. A remote file, in Emacs terms, is one reached through a Tramp path such as /ssh:host:/path/notes.org, i.e. anything file-remote-p recognises. Because such a file is handled like a trusted local one, a crafted .org file served from an attacker-controlled or compromised host can lead to code execution in the user's Emacs session when it is opened in Org mode. Users who open remote Org files from sources they do not control are at risk.

💻 Affected Systems

Products:
  • GNU Emacs
  • Org mode
Versions: Emacs < 29.3, Org mode < 9.6.23
Operating Systems: All platforms running affected Emacs versions
Default Config Vulnerable: ⚠️ Yes
Notes: Affects every configuration in which Org mode is enabled on a file opened through Tramp (for example /ssh:, /scp: or /ftp: paths). Org mode is enabled by default for .org files, so no extra configuration is needed to be exposed; plain HTTP(S) URLs are not Tramp paths, but Org does fetch some remote content itself, for example a #+SETUPFILE that points at a URL.

📦 What is this software?

GNU Emacs is an extensible text editor whose behaviour is driven by Emacs Lisp. Org mode is a major mode bundled with Emacs (and also distributed separately via GNU ELPA and distribution packages) for notes, planning, documents and literate programming; it can evaluate embedded source code blocks, expand links and pull in setup files, which is why the trust it places in a file's contents matters. Tramp is the Emacs component that lets any command open files on remote hosts through paths such as /ssh:host:/path.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise when a user opens a malicious remote Org file.

🟠

Likely Case

Local file system access and arbitrary code execution within the user's context when opening crafted remote Org files.

🟢

If Mitigated

Limited impact if users do not open remote Org files from sources they do not control until the update is in place, or if Org mode is prevented from running on remote files at all.

🌐 Internet-Facing: MEDIUM - Requires the user to open a malicious remote file, but editing files on remote hosts over Tramp is a common development and operations workflow.
🏢 Internal Only: MEDIUM - Internal users can be exposed through Org files on a compromised or shared internal host they routinely open over SSH.

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ❌ No
Complexity: LOW

Exploitation requires user interaction to open a malicious remote file. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Emacs 29.3 or later, Org mode 9.6.23 or later

Vendor Advisory: https://lists.debian.org/debian-lts-announce/2024/04/msg00023.html (Debian LTS announcement; the upstream fix is described in the Emacs 29.3 release notes, which state that Org mode now considers the contents of remote files, as recognised by file-remote-p, to be untrusted)

Restart Required: Yes

Instructions:

1. Update Emacs to version 29.3 or later using your package manager. If you use the Org bundled with Emacs, this is sufficient; the bundled copy may still report an Org version number below 9.6.23, because the fix was applied to it directly.
2. If Org is installed separately (GNU ELPA, a distribution package such as elpa-org, straight or similar), update that copy to 9.6.23 or later as well. A separately installed Org shadows the bundled one, so an old separate copy leaves an Emacs 29.3 installation vulnerable.
3. Restart Emacs to apply the changes; the Org already loaded into a running session is not replaced by the update.

🔧 Temporary Workarounds

Keep unpatched Org mode away from remote files

all

Setting org-link-file-path-type to 'absolute does not help here and should not be relied on: that variable only controls whether file links inserted with org-insert-link are stored as relative or absolute paths, and it has no bearing on how the contents of a remote file are treated once it is opened. What a configuration-level workaround has to do is stop Org mode from being enabled on remote (Tramp) files at all, for example by switching such buffers to text-mode before Org mode runs, or, more bluntly, by disabling Tramp with the tramp-mode variable.
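The following Emacs Lisp is an added workaround written for this page; it is not from the advisory, from Emacs or from Org, and the function name my/org-mode-refuse-remote is an arbitrary choice. It wraps org-mode so that a buffer visiting a remote file (anything file-remote-p recognises, i.e. a Tramp path) falls back to text-mode instead, which keeps an unpatched Org from ever processing that file's contents as trusted. It only protects buffers that visit the remote file directly: remote content that a local Org file pulls in through #+SETUPFILE, or that other code reads into a temporary buffer, is not covered, so treat it as a stopgap until the update lands.

```elisp
;; Added workaround for CVE-2024-30205; not from the advisory, Emacs or Org.
;; Put it in the init file of every user on an unpatched host and remove it
;; once Emacs 29.3+ / Org 9.6.23+ is installed.

(defun my/org-mode-refuse-remote (orig-fun &rest args)
  "Around-advice for `org-mode': use `text-mode' for remote files.
`buffer-file-name' is already set when the major mode is chosen, so a
file opened as /ssh:host:/path/x.org never reaches Org's own setup code."
  (if (and buffer-file-name (file-remote-p buffer-file-name))
      (progn
        (text-mode)
        (message "Org mode disabled for remote file %s (CVE-2024-30205 workaround)"
                 buffer-file-name))
    ;; Local file or a buffer not visiting a file (agenda, export, ...):
    ;; behave exactly as before.
    (apply orig-fun args)))

(advice-add 'org-mode :around #'my/org-mode-refuse-remote)

;; To undo after patching:
;; (advice-remove 'org-mode #'my/org-mode-refuse-remote)
```

Advising org-mode rather than editing auto-mode-alist matters because a file can also request Org mode through a -*- mode: org -*- cookie or a local-variables block, and those paths still end up calling org-mode and therefore still hit the advice.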

Avoid opening remote Org files

all

Do not open Org files from remote/untrusted sources until patched

🧯 If You Can't Patch

  • Disable Tramp on unpatched hosts by setting the tramp-mode variable to nil in users' init files; Emacs then no longer recognises /ssh:, /scp: or /ftp: paths at all, which removes the remote-file code path this CVE depends on
  • Where users must keep editing over Tramp, prevent Org mode from being enabled on remote files (see the workaround above) and instruct users not to open .org files on hosts they do not administer
  • Restrict, at the network level, which hosts user workstations may open SSH and FTP sessions to, so that Tramp can only reach administered servers

🔍 How to Verify

Check if Vulnerable:

Run emacs --version for the Emacs release and M-x org-version inside Emacs for the Org release. M-x org-version also prints the directory Org was loaded from, which tells you whether you are running the copy bundled with Emacs or a separately installed one (GNU ELPA, a distribution package or similar) that shadows it.

Check Version:

emacs --version | head -1

Verify Fix Applied:

Either of the following is sufficient: the loaded Org is the bundled copy and Emacs is 29.3 or later (the bundled copy may still report an Org number below 9.6.23, since the fix was applied to it directly), or the loaded Org is a separate install at 9.6.23 or later. An Emacs 29.3 whose load path still contains an older separately installed Org is not fixed, because that copy is the one that gets loaded.
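As an added helper (not from the advisory, Emacs or Org), the Emacs Lisp below turns the two manual checks into one verdict computed inside the running Emacs, so that it judges the Org copy that is actually loaded rather than whatever the package manager reports. The bundled-versus-separate test is a heuristic of this example: it assumes the bundled Org lives under the same lisp directory as simple.el, and that an Org found anywhere else is a separate install that shadows it. The my/... names are arbitrary.

```elisp
;; Added verification helper for CVE-2024-30205; not part of Emacs, Org or
;; the advisory. Evaluate it in your normal Emacs session (not emacs -q),
;; because the point is to inspect the Org that your configuration loads.
(require 'org)

(defconst my/emacs-fixed-version "29.3"
  "First Emacs release whose bundled Org carries the fix.")

(defconst my/org-fixed-version "9.6.23"
  "First separately distributed Org release carrying the fix.")

(defun my/org-install-kind ()
  "Return `bundled', `separate' or `unknown' for the loaded Org.
Heuristic (an assumption of this example): the Org shipped with Emacs sits
under the lisp directory that also holds simple.el; an Org found anywhere
else (GNU ELPA, distro elpa-src, straight, ...) is a separate install that
shadows the bundled copy."
  (let ((org-dir  (file-name-directory (or (locate-library "org") "")))
        (lisp-dir (file-name-directory (or (locate-library "simple") ""))))
    (cond ((or (null org-dir) (null lisp-dir)) 'unknown)
          ((string-prefix-p lisp-dir org-dir) 'bundled)
          (t 'separate))))

(defun my/cve-2024-30205-status ()
  "Return `patched', `vulnerable' or `unknown'."
  (pcase (my/org-install-kind)
    ;; Bundled copy: the Emacs release decides. Emacs 29.3 carries the fix
    ;; even where its bundled Org still reports a pre-9.6.23 number.
    ('bundled (if (version<= my/emacs-fixed-version emacs-version)
                  'patched 'vulnerable))
    ;; Separate copy: its own version decides, whatever Emacs says.
    ('separate (if (version<= my/org-fixed-version (org-version))
                   'patched 'vulnerable))
    (_ 'unknown)))

(defun my/cve-2024-30205-report ()
  "Show the verdict next to the evidence it rests on."
  (interactive)
  (message "Emacs %s; %s; Org install: %s => %s"
           emacs-version
           (org-version nil t)   ; full form, includes the load directory
           (my/org-install-kind)
           (my/cve-2024-30205-status)))
```

M-x my/cve-2024-30205-report prints the Emacs version, the full Org version string with its load directory, and the verdict. The case a plain version comparison misses is an ELPA or distribution Org left behind after an Emacs upgrade: it shadows the fixed bundled copy and is reported here as vulnerable even on Emacs 29.3.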

📡 Detection & Monitoring

Log Indicators:

  • Emacs opening .org files through Tramp paths (/ssh:, /scp:, /ftp: and similar); on the host this appears as the emacs process spawning ssh, scp or ftp child processes, not as emacs making the connection itself
  • Org fetching remote content over HTTP(S) from the emacs process, for example a #+SETUPFILE keyword pointing at a URL

Network Indicators:

  • Outbound SSH/SCP/FTP connections from a child process of emacs, or HTTP(S) requests from emacs itself, to hosts outside the user's usual remote editing targets

SIEM Query:

process.name:"emacs" AND network.destination.ip:(external_ips) AND url.path:"*.org"

This query only catches direct HTTP(S) fetches by the emacs process. On an SSH or SCP session the file name is not visible on the wire and the socket belongs to the ssh child process rather than to emacs, so for Tramp traffic pivot on process lineage (parent emacs, child ssh or scp) instead of on URL paths. Opening remote files over Tramp is routine for many Emacs users, so these indicators are for hunting and baselining rather than for alerting on their own.

🔗 References
