CVE-2024-54794

9.1 CRITICAL

📋 TL;DR

CVE-2024-54794 is a command injection vulnerability in SpagoBI 3.5.1 that allows attackers to execute arbitrary code through the script input feature. This affects all organizations running vulnerable SpagoBI instances, potentially compromising the entire server.

💻 Affected Systems

Products:
  • SpagoBI
Versions: 3.5.1
Operating Systems: All operating systems running SpagoBI
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration of SpagoBI 3.5.1. All deployments of this version are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete server takeover leading to data exfiltration, lateral movement, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case: Unauthorized code execution leading to data theft, system manipulation, or service disruption.

🟢 If Mitigated: Limited impact through network segmentation and proper access controls, but still significant risk to the SpagoBI server.

🌐 Internet-Facing: HIGH - Internet-facing instances are directly exploitable by remote attackers.
🏢 Internal Only: HIGH - Internal instances remain vulnerable to insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authentication to SpagoBI. Public proof-of-concept code is available in the referenced GitHub repositories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch is available. Consider upgrading to a newer version if available, or implement workarounds.

🔧 Temporary Workarounds

Disable script input feature (applies to: all)

Disable or restrict access to the vulnerable script input functionality in SpagoBI configuration.

Action: Modify SpagoBI configuration files to disable script execution features.

Network segmentation (applies to: all)

Isolate the SpagoBI server from critical systems and restrict network access.

Action: Configure firewall rules to limit inbound and outbound connections to the SpagoBI server.

🧯 If You Can't Patch

  • Implement strict access controls and limit user permissions to only necessary functions
  • Monitor SpagoBI logs for suspicious script execution attempts and implement intrusion detection

🔍 How to Verify

Check if Vulnerable:

Check if running SpagoBI version 3.5.1. Review configuration for script input feature availability.

Check Version:

Check SpagoBI version through web interface or configuration files

Verify Fix Applied:

Verify script input feature is disabled or restricted. Test that script execution is no longer possible.

📡 Detection & Monitoring

Log Indicators:

  • Unusual script execution in SpagoBI logs
  • Suspicious user activity with script input features

Network Indicators:

  • Unexpected outbound connections from SpagoBI server
  • Command and control traffic patterns

SIEM Query:

Search for 'script execution' or 'command injection' patterns in SpagoBI application logs
