Command Injection Flaw in NASA Fprime Allows Arbitrary Command Execution
CVE-2024-55030

9.8CRITICAL

Key Information:

Vendor: NASA
Status: Fprime
Vendor: CVE Published:; 25 March 2025

What is CVE-2024-55030?

A command injection vulnerability exists in the Command Dispatcher Service of NASA's Fprime v3.4.3. This flaw enables attackers to execute arbitrary commands on the affected system, potentially compromising sensitive data and operations. Users are advised to implement necessary security measures and updates to mitigate the risks associated with unauthorized command execution.

References

https://visionspace.com/remote-code-execution-and-critica...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2025
Vulnerability Reserved
Dec 6, 2024