CVE-2024-50623: Cleo Multiple Products Unrestricted File Upload

Cleo Multiple Products Unrestricted File Upload Vulnerability. Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload and download vulnerability that can lead to remote code execution with elevated privileges.

• CISA KEV-listed (remediation due 2025-01-03)
• used in ransomware campaigns
• EPSS 94.0% (99.9% percentile)

Detection rules

• CVE-2024-50623 Exploitation Attempt - Cleo high

Browse the CVE database

Read the full analysis on IntelFusions