CyberSecurity news
Rescana@Rescana
Cybersecurity experts are warning of mass exploitation of a critical PHP vulnerability, CVE-2024-4577. The flaw allows attackers to remotely execute code on vulnerable servers running Apache and PHP-CGI. GreyNoise data has confirmed that exploitation extends far beyond initial reports, with attack attempts observed across multiple regions. Notable spikes were detected in the United States, Singapore, Japan, and other countries throughout January 2025, signaling a broad campaign targeting this vulnerability.
Cisco Talos has discovered active exploitation of CVE-2024-4577, in which the attacker gains access to victim machines and carries out post-exploitation activities. Attempted exploitation has escalated across the U.S., Japan, Singapore, and other parts of the world, and GreyNoise detected over 1,000 attacks globally. Experts urge organizations to apply the necessary patches and monitor for suspicious activity to mitigate the risk of compromise.
References:
- Cisco Talos Blog: Cisco Talos has discovered an active exploitation of CVE-2024-4577 by an attacker in order to gain access to the victim's machines and carry out post-exploitation activities.
- securityaffairs.com: Threat actors exploit PHP flaw CVE-2024-4577 for remote code execution. Over 1,000 attacks detected globally.
- www.scworld.com: Attempted exploitation escalated across the U.S., Japan, Singapore, and other parts of the world.
- www.cybersecuritydive.com: Critical PHP vulnerability under widespread cyberattack
- The GreyNoise Blog: GreyNoise Detects Mass Exploitation of Critical PHP-CGI Vulnerability (CVE-2024-4577), Signaling Broad Campaign
Classification:
- HashTags: #PHP #RCE #CVE-2024-4577
- Company: PHP
- Target: Servers
- Product: PHP-CGI
- Feature: Remote Code Execution
- Malware: CVE-2024-4577
- Type: Vulnerability
- Severity: Critical