CVE-2024-55964
published 2025-03-26CVE-2024-55964: An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside…
PriorityP272critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
6.27%
92.7th percentile
An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that datasource, and execute that query.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| appsmith | appsmith | < 1.52 | 1.52 |
Detection & IOCsextracted from sources · hover to see the quote
- →Attacker must authenticate to Appsmith, create a datasource, create a query against that datasource, and execute that query — monitor for unusual datasource/query creation activity by non-admin users in Appsmith audit logs ↗
- →A Metasploit module exists for this CVE targeting Linux HTTP services; monitor for exploit framework signatures against Appsmith endpoints ↗
- →RCE is achieved via a misconfigured PostgreSQL instance bundled inside the Appsmith Docker image; monitor for unexpected process spawning from PostgreSQL processes within the Appsmith container (e.g., postgres spawning shell processes) ↗
- ·Vulnerability only affects Appsmith versions before 1.52; verify deployed version to confirm exposure ↗
- ·The attack vector requires the attacker to already have authenticated access to Appsmith and sufficient privileges to create datasources and queries — this is not an unauthenticated pre-auth RCE ↗
- ·RCE is scoped to inside the Appsmith Docker container; impact depends on container isolation and privilege configuration of the deployment ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No advisories linked to this vulnerability.
No detection rules found.
No writeups or analysis indexed.
2025-03-26
Published