PT-2025-15664 · Lucee · Lucee
Published
2025-04-08
·
Updated
2025-06-25
·
CVE-2024-55354
CVSS v3.1
8.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Lucee versions prior to 5.4.7.3 LTS
Lucee versions prior to 6.1.1.118
Description:
The issue is related to a protection mechanism failure. When an attacker can place files on the server, this failure can allow the attacker to run code that would be expected to be blocked and access resources that would be expected to be protected.
Recommendations:
For versions prior to 5.4.7.3 LTS, update to version 5.4.7.3 LTS or later.
For versions prior to 6.1.1.118, update to version 6.1.1.118 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Lucee