CVE-2024-57764 in MSFM
Summary
by MITRE • 01/15/2025
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add.
Analysis
by VulDB Data Team • 06/30/2025
CVE-2024-57764 affects MSFM versions prior to 2025.01.01 and is a critical fastjson deserialization flaw in the component system/table/add functionality. The vulnerable code is the server-side handling of data structures that use the fastjson library for object serialization and deserialization. The flaw is reached when user-supplied data arrives at the table/add endpoint, which does not validate or sanitize the input parameters before attempting deserialization. fastjson is widely used for its performance, but it has historically been susceptible to deserialization attacks because it can instantiate arbitrary classes during parsing. Here, an attacker can craft input that, when processed by the vulnerable system, triggers unintended code execution or arbitrary object instantiation.
Exploitation relies on the weakness in fastjson's deserialization mechanism: the library instantiates Java objects based on type information carried in the serialized data. Because the system/table/add endpoint accepts serialized data that includes class metadata, a request can specify which classes are instantiated during deserialization. This is a pathway to remote code execution, as past incidents involving fastjson vulnerabilities have shown. The impact therefore goes beyond data processing: the application cannot securely handle external input, so an attacker may be able to execute arbitrary commands on the server or gain unauthorized access to system resources.
Operationally the impact is severe and multifaceted, as the flaw gives attackers a potential entry point for lateral movement within affected networks. Organizations running vulnerable MSFM versions face unauthorized data access, system compromise, and potential escalation to full system control. Because the vulnerability sits in a table management component, attackers could manipulate database structures or inject malicious payloads into system tables, leading to data corruption or unauthorized access to sensitive information. The exposure is particularly concerning because the affected component is a core system component that likely handles administrative functions, making it an attractive target for threat actors seeking persistent access or privilege escalation. The vulnerability maps to CWE-502 (Deserialization of Untrusted Data) and aligns with ATT&CK techniques related to exploitation of remote services and privilege escalation through code injection.
Mitigation should begin with patching affected MSFM installations to version 2025.01.01 or later, which contains the fix for the fastjson deserialization vulnerability. Organizations should enforce strict input validation and sanitization so that malicious data does not reach the deserialization layer, with particular attention to the component system/table/add endpoint. Network segmentation and access controls should limit the exposure of vulnerable components to untrusted networks, and monitoring should be configured to detect anomalous patterns in table management operations. Application firewalls or web application security controls that can identify and block malicious deserialization attempts add a further layer. Remediation should include testing of patched systems to confirm that the fixes introduce no functional regressions, together with a vulnerability assessment for other deserialization weaknesses in the application stack. Regular security updates and vulnerability management processes should be strengthened to prevent similar issues, given the historical prevalence of deserialization vulnerabilities in Java applications.
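One concrete form of the "identify and block malicious deserialization attempts" control described above, as an added example that is not part of the VulDB analysis or of MSFM: a pre-deserialization check that walks a request body for fastjson's polymorphic type key (`@type`) at any nesting depth and only lets through class names the endpoint is expected to receive. The allowlisted class name and the sample bodies are constructed placeholders, not real MSFM types or traffic.

```python
import json
from typing import Iterator

# fastjson's default polymorphic type key. Its presence in untrusted input means
# the sender is trying to steer which class fastjson instantiates.
TYPE_KEY = "@type"


def find_type_keys(node, path: str = "$") -> Iterator[tuple[str, str]]:
    """Yield (json_path, declared_class) for every @type key anywhere in the document,
    including inside nested objects and array elements."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == TYPE_KEY:
                yield child, str(value)
            yield from find_type_keys(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_type_keys(item, f"{path}[{i}]")


def inspect_request_body(body: str, allowed_types: frozenset) -> dict:
    """Classify a raw JSON body destined for a table/add-style endpoint.
    verdict: 'clean' (no @type), 'allowed' (only allowlisted types),
    'block' (a non-allowlisted @type is present) or 'malformed' (not strict JSON)."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError:
        return {"verdict": "malformed", "findings": []}
    findings = [{"path": p, "type": t, "allowed": t in allowed_types}
                for p, t in find_type_keys(doc)]
    if not findings:
        verdict = "clean"
    elif all(f["allowed"] for f in findings):
        verdict = "allowed"
    else:
        verdict = "block"
    return {"verdict": verdict, "findings": findings}


# Constructed sample inputs (placeholder class names, not real MSFM data).
ALLOWED = frozenset({"com.example.msfm.TableDefinition"})
SAMPLE_BODIES = {
    "plain": '{"tableName": "orders", "columns": [{"name": "id", "type": "int"}]}',
    "typed": '{"@type": "com.example.msfm.TableDefinition", "tableName": "orders"}',
    "nested": '{"tableName": "orders", "columns": [{"name": "id", "meta": {"@type": "some.unexpected.Class"}}]}',
}

if __name__ == "__main__":
    for label, body in SAMPLE_BODIES.items():
        result = inspect_request_body(body, ALLOWED)
        print(f"{label:7s} -> {result['verdict']}", result["findings"])
```

Treat a `malformed` verdict as a block as well: fastjson accepts input that a strict JSON parser rejects, so anything the checker cannot parse should never be handed to the deserializer.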