CVE-2024-11625: 
Progress Sitfinity vulnerability analysis and mitigation

CVE-2024-11625 is an Information Exposure Through an Error Message vulnerability affecting Progress Software Corporation's Sitefinity CMS. The vulnerability impacts multiple versions of Sitefinity, including versions from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, and from 15.2.8400 through 15.2.8421. The vulnerability was disclosed on January 7, 2025 (NVD).

The vulnerability is classified as CWE-209 (Generation of Error Message Containing Sensitive Information). It has received a CVSS v3.1 base score of 7.7 (High) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L, indicating that it is network-accessible, requires high attack complexity, needs no privileges or user interaction, and can result in high confidentiality and integrity impact with low availability impact (NVD).

The vulnerability can lead to exposure of sensitive information through error messages, potentially compromising system security. The high CVSS score indicates significant potential impact on both confidentiality and integrity of the affected systems (NVD).

Progress Software Corporation has released an advisory detailing the vulnerability and providing mitigation instructions (Progress Community).