- Description
- In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- harmony, lexicom, vltrader
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Cleo Multiple Products Unrestricted File Upload Vulnerability
- Exploit added on
- Dec 13, 2024
- Exploit action due
- Jan 3, 2025
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
At first glance -- only just testing our PoC, not analyzing the code for their patch yet.. ✅ the new 5.8.0.24 patch version for Cleo software Harmony/VLTrader/LexiCom DOES look to be effective at preventing our HuntressLabs proof-of-concept exploit. (0-day, not CVE-2024-50623)
@johnhammond12A
12 Jul 2025
365 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-50623
@transilienceai
21 Apr 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-50623
@transilienceai
20 Apr 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-50623
@transilienceai
19 Apr 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-50623
@transilienceai
18 Apr 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-50623
@transilienceai
17 Apr 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-50623
@transilienceai
16 Apr 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-50623
@transilienceai
16 Apr 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 شركة تأجير السيارات العالمية Hertz تعلن عن اختراق بسبب استغلال ثغرة Zero-day (CVE-2024-55956) في منصة Cleo و (CVE-2024-50623)، في ديسمبر الماضي، مما أدى لتسريب بيانات حساسة للعملاء تشمل معلومات بطاقات الائتمان ورخص القيادة. 🔸 البيانات المسربة تخص عملاء في أمريكا وكندا https
@xabdul
16 Apr 2025
337 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 شركة تأجير السيارات العالمية Hertz تعلن عن اختراق بسبب استغلال ثغرة Zero-Dat (CVE-2024-55956) في منصة Cleo و (CVE-2024-50623)، في ديسمبر الماضي، مما أدى لتسريب بيانات حساسة للعملاء تشمل معلومات بطاقات الائتمان ورخص القيادة. 🔸 البيانات المسربة تخص عملاء في أمريكا وكندا https
@xabdul
16 Apr 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-50623
@transilienceai
16 Apr 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Ransomware hits all-time high! Feb 2025 saw 962 attacks, double last year's. Clop exploited Cleo flaws (CVE-2024-50623/55956) causing a massive spike. Don't wait for disaster. Contact Bee IT Solutions for robust cybersecurity. https://t.co/wM7WEaFwUT #XDR #ThreatHunting https://t
@beeitsolutions1
17 Mar 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 El ransomware CL0P intensificó sus ataques a organizaciones de telecomunicaciones y atención médica de todo el mundo aprovechando una vulnerabilidad en el software de integración de Cleo (CVE-2024-50623), comprometiendo más de 80 organizaciones solo en febrero de 2025. 🧉 http
@MarquisioX
21 Feb 2025
48 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
تازگی باج افزاری به نام Cl0p منتشر شده است که از آسیب پذیری با کد شناسایی (CVE-2024-50623) برای گرفتن دسترسی اولیه به سیستم ها استفاده می کند. این باج افزار از تکنیک هایی شامل : Process Injection و DLL Side-Loading برای اجرای dll های مخرب استفاده میکند. https://t.co/Poz3aKY03t h
@AmirHossein_sec
12 Feb 2025
37 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#threatreport #LowCompleteness Flash Notice: CVE-2024-50623 Actively Exploited - Patch and Scan | 19-01-2025 Source: https://t.co/kKhNIC8uRQ Key details below ↓ 🎯Victims: Consumer products, Food, Trucking, Shipping 🏭Industry: Foodtech, Transport 🔓CVEs: CVE-2024-50623… https
@rst_cloud
20 Jan 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔵 Cleo Unrestricted File Upload Vulnerability (#CVE-2024-50623) https://t.co/4mdHpnaYf6
@dailycve
30 Dec 2024
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Cl0p ransomware lists 66 Cleo victims, exploiting CVE-2024-50623 for RCE. 48-hour ultimatum for ransom negotiations. #infosec #cyber #security @TechRadar https://t.co/bIgZuqSFJq
@gothburz
30 Dec 2024
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Clop ransomware gang is now extorting 66 victims from its Cleo data theft, demanding action in 48 hours or else! They exploited a zero-day vulnerability (CVE-2024-50623). ⏳💻 #CleoDataTheft #ClopRansomware #DataBreach #CybersecurityNews link: https://t.co/vYvPzvDfTl https://t.co
@TweetThreatNews
26 Dec 2024
71 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Clopランサムウェア集団がCleoからのデータ漏洩により66被害企業を脅迫している。対応期限は48時間後。CVE-2024-50623の悪用。マクニカの瀬治山豊氏(@nekono_naha)によると、企業名の一部は伏せられているが一部企業は公開Web上のサーバとの突合で特定可能だとしている。 https://t.co/fGViNqCEga
@__kokumoto
24 Dec 2024
1709 Impressions
7 Retweets
9 Likes
2 Bookmarks
1 Reply
0 Quotes
Cleo の脆弱性 CVE-2024-50623 の悪用:Clop ランサムウェア・グループの犯行が濃厚 https://t.co/IRuMG9ueHs Cleo の脆弱性 CVE-2024-50623 ですが、第一報は 2024/12/10 の「Cleo 製品群の脆弱性 CVE-2024-50623 の積極的な悪用:Huntress が PoC… https://t.co/I2VDETAHQj
@iototsecnews
24 Dec 2024
88 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#WeeklyThreats: CVE-2024-50623 e CVE-2024-55956 di Cleo sfruttate da #TA505, operazioni inedite colpiscono #Kiev, nuovi tool di sorveglianza associati a #Russia e #Cina. L'ultima settimana nel nostro report #OSINT e #CTI 🔗 https://t.co/0Iuo0NeTDA @TelsyGruppoTIM #Intelligence
@TS_WAY_SRL
23 Dec 2024
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cleo の脆弱性 CVE-2024-50623 が標的:洗練された Java バックドアを検出 https://t.co/J7xyWI2yZz Cleo の脆弱性 CVE-2024-50623 ですが、かなりの技術力を持つ脅威アクターが、バックドアを展開しているようです。ご利用のチームは、十分に ご注意ください。 この件に関する第一報は、2024/12/10… https://t.co/PxJaEzIblF
@iototsecnews
23 Dec 2024
98 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A Clop ransomware banda magára vállalta a felelősséget a Cleot ért adatlopási támadásokért A Clop ransomware banda megerősítette a BleepingComputernek, hogy ők állnak a legutóbbi Cleo adatlopási támadások hátterében, akik a támadások során a CVE-2024-50623 és CVE-2024-55956 el…
@linuxmint_hun
21 Dec 2024
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cleo Harmony, VLTrader, and LexiCom - RCE via Arbitrary File Write (CVE-2024-50623) - watchTowr Labs https://t.co/bbxUV1yJIX
@_r_netsec
20 Dec 2024
793 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
ICYMI WOTW = Spray Attacks 🚿 🔹 Top threats this week: Mirai Backdoor and REvil Ransomware 🔹 Critical vulnerabilities include CVE-2024-50623 And we share how Gradient Cyber’s MXDR services help stop these attacks before they take hold. Catch up now: https://t.co/KIOt9fuKAK ht
@GradientCyber
19 Dec 2024
18 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
برای محصول Cleo آسیب پذیری با کد شناسایی CVE-2024-50623 منتشر شده است . این آسیب پذیری از نوع RCE بوده و به هکرها بدون احراز هویت امکان اجرای کد بر روی سیستم آسیب پذیر را می دهند. این آسیب پذیری در ورژن های قبل از 5.8.0.21 مربوط به این محصول وجود دارد. https://t.co/Poz3aKYxT1 htt
@AmirHossein_sec
18 Dec 2024
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-50623 puts #Cleo’s file transfer software at risk. 💻 Learn more in this #CybersecurityThreatAdvisory: https://t.co/8W42axdMlM
@BarracudaMSP
17 Dec 2024
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-50623: ⚠️ ¡Alerta crítica en Cleo Harmony, VLTrader y LexiCom! 💻 Un atacante no autenticado puede ejecutar comandos Bash o PowerShell arbitrarios en versiones previas a la 5.8.0.24. https://t.co/1FsgOOIDBk
@tpx_Security
17 Dec 2024
147 Impressions
2 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
SFTP Gateway and StorageLink are both secure against the Cleo vulnerability and CVE-2024-50623. A key aspect of CVE-2024-50623 is its exploitation of Cleo’s “autorun” directory, which automatically executes files uploaded to it. Thorn Technologies’ products (SFTP Gateway and…
@thorntech
17 Dec 2024
33 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
🚨 Cyber Threat Neutralized: Cleo Vulnerability CVE-2024-50623 When it comes to cybersecurity, every second counts! 👉 How secure is your business? Don’t wait for a breach—contact Reboot, Inc. to safeguard your IT investments. https://t.co/7nBqtoiNCc #ManagedServices #RebootInc
@RebootInc
17 Dec 2024
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#threatreport #LowCompleteness Cleo File Transfer Vulnerabilities (CVE-2024-50623, CVE-2024-55956) - Cl0P s Latest Attack Vector | 16-12-2024 Source: https://t.co/DxVI7lFxpC Key details below ↓ 💀Threats: Clop, Termite, Supply_chain_technique, Malichus, 🎯Victims: Blue yonder…
@rst_cloud
17 Dec 2024
88 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Clop ransomware exploits Cleo Vulnerability in its attacks #ClopRansomware #CVE-2024-50623 #Cleo https://t.co/kTS89IeZsu
@pravin_karthik
17 Dec 2024
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cybersecurity WOTW: Spray Attacks Actively Exploited Vulnerabilities Include: • Cleo File Upload (CVE-2024-50623) • Microsoft CLFS Buffer Overflow (CVE-2024-49138) • Ivanti Connect Secure Command Injection (CVE-2024-21887) 👉Read the blog: https://t.co/mLYWd1ZfIJ https://t.co/
@GradientCyber
16 Dec 2024
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The notorious Clop ransomware is back to making headlines, this time targeting Cleo's file transfer platforms. By exploiting a critical zero-day vulnerability (CVE-2024-50623), the group gained unauthorized access to sensitive data. 🔴 CVE-2024-50623 CVSS 8.8 Cleo fixed the… ht
@cytexsmb
16 Dec 2024
351 Impressions
2 Retweets
6 Likes
0 Bookmarks
0 Replies
2 Quotes
Clopランサムウェア、Cleo製品のゼロデイ使ったデータ窃取攻撃の実施認める(CVE-2024-50623) https://t.co/4IBRxJYaES #izumino_trend
@sec_trend
16 Dec 2024
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cleo File Transfer Vulnerabilities (CVE-2024-50623, CVE-2024-55956) – Cl0P’s Latest Attack Vector https://t.co/R7uAQhqQJY Cleo File Transfer Vulnerabilities (CVE-2024-50623, CVE-2024-55956) – Cl0P’s Latest Attack Vector Recently, vulnerabilities in Cleo’s file transfer softw…
@f1tym1
16 Dec 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-49138 is getting exploited #inthewild. Find out more at https://t.co/4vzA9Bo0Tc CVE-2024-50623 is getting exploited #inthewild. Find out more at https://t.co/nxYHjmvoLI
@inthewildio
16 Dec 2024
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-49112 2 - CVE-2024-50623 3 - CVE-2024-53677 4 - CVE-2024-42845 5 - CVE-2024-54143 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
16 Dec 2024
32 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Cleo Unrestricted file upload and download PoC (CVE-2024-50623) https://t.co/4mNjK4Cm41
@turne85540
16 Dec 2024
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The recent security advisory from Cleo, CVE-2024-50623, is identified as an unrestricted file upload/download issue that could potentially lead attackers to execute arbitrary code by uploading then downloading files without proper restrictions. 🧵 https://t.co/6UoeiMTihV
@mcgibson_source
16 Dec 2024
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️Clopランサムウェア、Cleo製品のゼロデイ使ったデータ窃取攻撃の実施認める(CVE-2024-50623) 〜サイバーセキュリティ週末の話題〜 https://t.co/MMwIrh6I2q #セキュリティ #インテリジェンス #OSINT
@MachinaRecord
16 Dec 2024
158 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Clopランサムウェア集団がCleo社の各種ファイル転送基盤からのデータ窃取に関して犯行声明。Harmony、VLTrader、LexiCoに影響している。Cleo公式は10月にCVE-2024-50623を修正したが、Huntress社は修正は不十分で迂回可能と指摘。 https://t.co/3w1PN73ByH 政府系や医療系等のデータは消すと、同集団… https://t.co/4C5j7XF5v2
@__kokumoto
15 Dec 2024
397 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Το Clop ransomware αναλαμβάνει την ευθύνη για επιθέσεις κλοπής δεδομένων Cleo Διάβασε το άρθρο Εδώ: https://t.co/cBlgjfVNFF CL0P, CVE-2024-50623, Ransomware, Εκβιασμός, Κλεό, Κλοπ, Κλοπή Δεδομένων https://t.co/Nr9uBkdjYs
@TechWarGR1
15 Dec 2024
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I criminali informatici stanno sfruttando una vulnerabilità (CVE-2024-50623) del software Cleo | @CleoNeverStops Maggiori info, qui: 🔗 https://t.co/6XpQCzVVpg Nello screenshot, il comunicato di CL0P uno tra i più noti attori #Ransomware. https://t.co/5BMcvbtCsQ https://t.co/d4Y
@sonoclaudio
15 Dec 2024
324 Impressions
1 Retweet
6 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Following Cleo vulnerability exploitation, the Cl0p ransomware group releases a message. 🚨 After CISA's confirmation that a critical vulnerability (CVE-2024-50623) in Cleo Harmony, VLTrader, and LexiCom file transfer software is being exploited in ransomware attacks, the Cl0p
@H4ckmanac
15 Dec 2024
6026 Impressions
9 Retweets
21 Likes
4 Bookmarks
2 Replies
0 Quotes
[1day1line] CVE-2024-50623: Arbitrary File Read & Write Vulnerabilities in Cleo's Harmony, LexiCom, VLTrader While handling http requests, data from user was not properly filtered, resulting in path traversal that leads arbitrary file read, write. https://t.co/VTin5GDBi3
@hackyboiz
14 Dec 2024
1109 Impressions
4 Retweets
26 Likes
12 Bookmarks
0 Replies
0 Quotes
CISA Adds One Known Exploited Vulnerability to Catalog: CVE-2024-50623 - Cleo Multiple Products Unrestricted File Upload Vulnerability https://t.co/tmCUeW5ek7 https://t.co/H1fcaaw8Hd
@TMJIntel
14 Dec 2024
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛑 Threat actors are exploiting a critical flaw (CVE-2024-50623) in Cleo’s file transfer tools—even fully patched systems are at risk! 🔎 What’s Happening? ⁃ Over 1,342 Cleo systems are exposed online. ⁃ Attackers use the autorun feature to execute malicious code. ⁃ Victims… htt
@TheHackersNews
14 Dec 2024
10829 Impressions
17 Retweets
43 Likes
6 Bookmarks
1 Reply
0 Quotes
Cleo Vulnerability added to CISA KEV Catalog #CLEO #CVE-2024-50623 https://t.co/BiYRpUwLhs
@pravin_karthik
14 Dec 2024
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
米国サイバーセキュリティ・社会基盤安全保障庁(CISA)が既知の悪用された脆弱性カタログに、Cleoの複数製品における無制限アップロードの脆弱性CVE-2024-50623を追加。対処期限は通常の1/3。ランサムウェアによる悪用は不知。 https://t.co/GG6EndJgYS
@__kokumoto
14 Dec 2024
696 Impressions
0 Retweets
6 Likes
2 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cleo:harmony:*:*:*:*:*:*:*:*",
"matchCriteriaId": "829892E7-DFA5-4153-A1B0-D2C64054ED9F",
"versionEndExcluding": "5.8.0.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cleo:lexicom:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA757293-8537-4DCE-BC91-E2D4A5CB08B3",
"versionEndExcluding": "5.8.0.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cleo:vltrader:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01120D67-ED19-4B22-9484-A39715E02058",
"versionEndExcluding": "5.8.0.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]