CVE-2024-57763 in MSFM
Summary
by MITRE • 01/15/2025
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 06/30/2025
The vulnerability identified as CVE-2024-57763 affects MSFM versions prior to 2025.01.01 and represents a critical fastjson deserialization flaw within the component system/table/addField functionality. This vulnerability exposes the system to remote code execution risks when processing untrusted input through the table field addition component. The flaw resides in how the application handles deserialization of JSON data, specifically when adding new fields to database tables through the affected API endpoint.
The technical implementation of this vulnerability stems from insecure deserialization practices within the fastjson library integration. When the system processes JSON payloads through the addField endpoint, it fails to properly validate or sanitize input data before deserializing it into Java objects. This creates an opportunity for attackers to craft malicious JSON payloads that can trigger arbitrary code execution on the target system. The vulnerability aligns with CWE-502 which specifically addresses deserialization of untrusted data, and represents a classic example of insecure deserialization that enables remote code execution attacks.
The operational impact of this vulnerability is significant as it allows remote attackers to execute arbitrary code on affected systems without authentication. An attacker could leverage this flaw to gain full control over the application server, potentially leading to data breaches, system compromise, or lateral movement within network environments. The vulnerability affects the core table management functionality, which is likely used by administrators and applications for database schema modifications, making it a high-value target for exploitation. This type of vulnerability is particularly dangerous as it can be exploited through web interfaces and requires minimal privileges to initiate.
Security professionals should immediately implement mitigations including updating to MSFM version 2025.01.01 or later, which contains the necessary patches for this vulnerability. Organizations should also consider implementing network segmentation and access controls to limit exposure of the affected endpoint. Additional defensive measures include input validation, JSON schema validation, and monitoring for suspicious deserialization activities. The vulnerability demonstrates the importance of following secure coding practices and the risks associated with using libraries that have known deserialization vulnerabilities. This case highlights the necessity for regular security assessments and patch management processes to prevent exploitation of known vulnerabilities. Organizations should also consider implementing application firewalls and web application security monitoring to detect and prevent exploitation attempts. The ATT&CK framework categorizes this vulnerability under T1210 - Exploitation of Remote Services and T1059 - Command and Scripting Interpreter, emphasizing the need for comprehensive security controls across multiple attack vectors.