CVE-2024-57248

6.3 MEDIUM

📋 TL;DR

CVE-2024-57248 is a directory traversal vulnerability in Gleamtech FileVista 9.2.0.0 that allows attackers to bypass access controls and upload malicious files to arbitrary locations. This can lead to remote code execution, information disclosure, and privilege escalation. Organizations using FileVista 9.2.0.0 for file management are affected.

💻 Affected Systems

Products:
  • Gleamtech FileVista
Versions: 9.2.0.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: FileVista is typically deployed as a web application for file management.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise through remote code execution, complete data exfiltration, and administrative privilege takeover.

🟠 Likely Case: Unauthorized file upload leading to information disclosure of sensitive files and potential lateral movement.

🟢 If Mitigated: Limited impact with proper file upload validation and access controls in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are published on Packet Storm; the technique is manipulation of HTTP request parameters so that path traversal sequences reach the file-handling code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.2.0.1 or later

Vendor Advisory: https://www.gleamtech.com/filevista

Restart Required: Yes

Instructions:

1. Download the latest version from Gleamtech.
2. Back up your configuration.
3. Install the update.
4. Restart the FileVista service.

🔧 Temporary Workarounds

Restrict File Uploads (Windows)

Implement strict file upload validation: canonicalize the destination path and reject any upload whose resolved path falls outside the upload root, rather than only searching for the literal string '../'.

Configure IIS Request Filtering to deny the '..' URL sequence (denyUrlSequences) and leave allowDoubleEscaping disabled. Note that Request Filtering inspects the URL and query string, not the request body, so a traversal sequence carried in a multipart upload field or a POST parameter is not blocked by it; that case has to be handled by the application or a WAF.
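The following is an added illustration, not FileVista's code or anything published by Gleamtech: it shows the naive path join that produces this bug class beside a validating join that closes it. The upload root and the client-supplied names are constructed for the demonstration.

```python
"""Added example, not FileVista's code: the upload-path traversal bug class
behind CVE-2024-57248, shown as a naive join beside a validated join.
The upload root and client-supplied names are constructed for illustration."""
import os
from urllib.parse import unquote


def unsafe_upload_path(upload_root: str, client_path: str) -> str:
    """Vulnerable pattern: the client-controlled path is joined as-is, so
    '../' segments walk out of the upload root."""
    return os.path.normpath(os.path.join(upload_root, client_path))


def validate_upload_path(upload_root: str, client_path: str):
    """Return (True, absolute_path) if client_path stays inside upload_root,
    else (False, reason). Relative sub-folders are allowed; escapes are not."""
    # Decode once; if a second decode still changes the string the client
    # double-encoded (e.g. %252e%252e), which is rejected outright.
    decoded = unquote(client_path)
    if unquote(decoded) != decoded:
        return False, "double-encoded path"
    # Normalise separators: FileVista runs on Windows, where '\' also splits.
    segments = [s for s in decoded.replace("\\", "/").split("/") if s not in ("", ".")]
    if not segments:
        return False, "empty filename"
    if decoded.startswith(("/", "\\")) or ":" in segments[0]:
        return False, "absolute path or drive letter"
    for seg in segments:
        if seg == ".." or "\x00" in seg:
            return False, "traversal or NUL in segment %r" % seg
    root = os.path.realpath(upload_root)
    candidate = os.path.realpath(os.path.join(root, *segments))
    # Canonical containment check; commonpath avoids the 'uploads' vs
    # 'uploads2' prefix mistake that str.startswith would make.
    if os.path.commonpath([root, candidate]) != root:
        return False, "resolved path escapes upload root"
    return True, candidate


if __name__ == "__main__":
    root = "/var/www/filevista/uploads"  # constructed upload root
    for name in ("report.pdf", "2024/q1/report.pdf",
                 "../../../inetpub/wwwroot/shell.aspx", "..%2f..%2fweb.config",
                 "..\\..\\Windows\\Temp\\x.exe", "%252e%252e/x", "/etc/passwd"):
        print(repr(name), "| unsafe ->", unsafe_upload_path(root, name),
              "| validated ->", validate_upload_path(root, name))
```

The containment check after `realpath` is the part that matters: it catches escapes regardless of how the traversal was spelled, including symlinked directories, whereas a search for the literal string '../' misses the backslash and URL-encoded forms that the example rejects before it ever joins the path.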

Network Segmentation (all platforms)

Limit access to FileVista to trusted networks only.

Use firewall rules to restrict inbound traffic to specific IP ranges.

🧯 If You Can't Patch

  • Disable file upload functionality in FileVista if not required.
  • Implement a web application firewall (WAF) with rules to detect and block directory traversal attempts.

🔍 How to Verify

Check if Vulnerable:

Check if FileVista version is 9.2.0.0 via the web interface or configuration files.

Check Version:

Check the web interface or examine the FileVista installation directory for version info.

Verify Fix Applied:

Confirm version is updated to 9.2.0.1 or later and test file uploads with traversal attempts.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing '../' or its variants in file upload parameters: the backslash form '..\' (the target runs on Windows), URL-encoded forms such as '..%2f', '..%5c' and '%2e%2e/', and double-encoded forms such as '%252e%252e'.
  • Unusual file creation in system directories or in the web root, such as new .aspx or .ashx files that were not deployed by an administrator.

Network Indicators:

  • HTTP POST requests to upload endpoints with malicious payloads.

SIEM Query:

source="filevista_logs" AND (http_uri="*../*" OR http_uri="*..\*" OR http_uri="*..%2f*" OR http_uri="*..%5c*" OR http_uri="*%2e%2e*" OR http_body="*../*" OR http_body="*..%2f*")

Match on the decoded request where the SIEM supports it; otherwise the encoded variants above must be listed explicitly, since a single '*../*' pattern misses them.
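As an added example of the detection logic above, independent of any SIEM product and not taken from the page or the vendor, the script below runs the traversal check over constructed IIS W3C log lines. The upload endpoint name and the 'path' query parameter are hypothetical placeholders, not FileVista's real request format, and the log lines are constructed for the demonstration.

```python
"""Added example, not from the page or the vendor: traversal detection run
over constructed IIS W3C log lines. The upload endpoint and the 'path'
parameter are hypothetical placeholders, not FileVista's real ones."""
import re
from urllib.parse import unquote

# After decoding and normalising '\' to '/', flag '../' anywhere or a trailing '/..'.
_TRAVERSAL = re.compile(r"\.\./|/\.\.$")

# Constructed sample: W3C format with a #Fields: header, as IIS writes it.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2025-01-10 09:12:01 10.0.0.5 GET /filevista/ - 443 - 198.51.100.7 Mozilla/5.0 200
2025-01-10 09:12:05 10.0.0.5 POST /filevista/upload.ashx path=..%2f..%2finetpub%2fwwwroot 443 alice 198.51.100.7 Mozilla/5.0 200
2025-01-10 09:12:09 10.0.0.5 POST /filevista/upload.ashx path=2024%2fq1 443 alice 198.51.100.7 Mozilla/5.0 200
2025-01-10 09:13:00 10.0.0.5 GET /filevista/..%5c..%5cweb.config - 443 - 203.0.113.9 curl/8.0 404
2025-01-10 09:13:02 10.0.0.5 GET /filevista/files/%252e%252e/%252e%252e/x - 443 - 203.0.113.9 curl/8.0 200
"""


def decode_for_match(value: str) -> str:
    """Decode up to twice so '..%2f', '..%5c' and '%252e%252e' all surface as '..'."""
    s = value
    for _ in range(2):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s.replace("\\", "/")


def has_traversal(value: str) -> bool:
    """True if the URI stem or query contains a traversal sequence in any encoding."""
    return value != "-" and bool(_TRAVERSAL.search(decode_for_match(value)))


def find_traversal_hits(log_text: str):
    """Parse IIS W3C lines using their #Fields: header; return one dict per hit."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        cols = line.split()
        if len(cols) != len(fields):
            continue  # malformed line; count these separately in production
        rec = dict(zip(fields, cols))
        for key in ("cs-uri-stem", "cs-uri-query"):
            if has_traversal(rec.get(key, "-")):
                hits.append({"c-ip": rec["c-ip"], "method": rec["cs-method"],
                             "field": key, "raw": rec[key],
                             "decoded": decode_for_match(rec[key]),
                             "status": rec["sc-status"]})
                break  # one hit per request is enough for alerting
    return hits


if __name__ == "__main__":
    for hit in find_traversal_hits(SAMPLE_LOG):
        print(hit)
```

Two caveats when using this against real data. IIS W3C logs carry the URL and query string but not the request body, so a traversal sequence inside a multipart upload field is invisible here and must be caught in the application's own logs or at a WAF. And a 200 status on a hit, as on the double-encoded line in the sample, is the case to escalate first: a 404 shows the attempt failed, a 200 does not.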
