Vendure - Path Traversal (CVE-2024-48914)
459 exploiting IPs reported
Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data such as configuration files, environment variables, and other critical data stored on the server. In the same code path is an additional vector for crashing the server via a malformed URI. Patches are available in versions 3.0.5 and 2.3.3. Some workarounds are also available. One may use object storage rather than the local file system, e.g. MinIO or S3, or define middleware which detects and blocks requests with URLs containing `/../`.
CrowdSec analysis
CVE-2024-48914 is a vulnerability in Vendure's asset server plugin that allows attackers to perform path traversal attacks, enabling unauthorized access to sensitive files on the server such as configuration files and environment variables. Additionally, a malformed URI can be used to crash the server, potentially leading to denial-of-service conditions. This flaw could be exploited to steal confidential data or disrupt e-commerce operations until patched in versions 3.0.5 and 2.3.3.
CrowdSec has been tracking this vulnerability and its exploits since 25 June 2025.
According to CrowdSec data, while opportunistic exploitation dominates, a portion of threat actors trying to exploit CVE-2024-48914 apply basic targeting methods such as port or service detection. This indicates emerging patterns of selective targeting. Telemetry from the CrowdSec network also shows that exploitation activity for CVE-2024-48914 remains steady week-over-week. Attack volumes are consistent with long-term trends, indicating sustained interest from threat actors. CVE-2024-48914 continues to be an active part of the threat landscape and will likely remain this way for the foreseeable future.
Attackers exploit this vulnerability by sending requests to URLs containing /assets/../ to traverse directories and read arbitrary files from the server, such as configuration files or sensitive data.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.