CVE-2024-50623: Cleo File Transfer RCE

Score: 9.8
CRITICAL
Published: 2024-12-09Affected: Cleo Harmony, VLTrader, LexiCom < 5.8.0.21CWE-434 β†—

What is the Cleo file transfer vulnerability?

An unrestricted file upload and download vulnerability in Cleo file transfer products. Unauthenticated attackers can execute arbitrary commands by uploading a malicious autorun file to the server. Exploited by the Cl0p ransomware group.

Impact & Exploitation

Cl0p mass exploitation campaign targeting 60+ organizations. Third MOVEit-style attack on managed file transfer products. Affects enterprises using Cleo for B2B file exchange.

Related Resources

πŸ” Related CWE Entries

πŸ”— External References

Precogs Logo

Precogs Research

This vulnerability intelligence report was analyzed and enriched by the Precogs AI Security Team. Our researchers continuously monitor emerging threats across AI code, LLM pipelines, and binary architectures to ensure accurate real-time remediation guidance.

Base Score

CVSS9.8
SeverityCRITICAL
CWECWE-434
Published2024-12-09

Tags

file-transferransomwarecl0pfile-upload

Quick Links

Is your system affected?

Precogs AI detects Cleo File Transfer RCE in compiled binaries and firmware β€” even without source code.

Request Deep Analysis

Is Your System Still Exposed to Critical CVEs?

Vulnerabilities like CVE-2024-50623 Cleo File Transfer RCE don’t just exist in source code β€” they persist in compiled binaries, containers, and embedded systems. Precogs AI detects vulnerable components across your entire stack β€” even when source code isn’t available.

Request Deep AnalysisBook a demo