CVE-2024-41255

HIGH

Published Jul 31, 2024 Modified Sep 29, 2025 CWE-453

Description

filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go.

CVSS v3.1 Score

7.5

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-453 CWE-453

Affected Products

Vendor	Product	Versions
filestash	filestash	All

References

Other References

https://gist.github.com/nyxfqq/c367f2ca9448810924dcf0f1af30b441

Frequently Asked Questions

What is CVE-2024-41255? +

filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go. It has a CVSS v3.1 base score of 7.5 (HIGH).

How severe is CVE-2024-41255? +

CVE-2024-41255 has a CVSS v3.1 score of 7.5 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.

What products are affected by CVE-2024-41255? +

CVE-2024-41255 affects products from filestash, specifically: filestash. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2024-41255? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.